[Secure-testing-commits] r39278 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Fri Jan 29 03:52:06 UTC 2016
Author: benh
Date: 2016-01-29 03:52:06 +0000 (Fri, 29 Jan 2016)
New Revision: 39278
Modified:
data/CVE/list
Log:
Revert "Remove <no-dsa> for CVE-2015-{5203,5221}; these are not minor issues"
jmm told me that double-frees are rarely exploitable when using the glibc
allocator, so I'll accept the previous classification.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-29 03:49:22 UTC (rev 39277)
+++ data/CVE/list 2016-01-29 03:52:06 UTC (rev 39278)
@@ -15205,6 +15205,9 @@
CVE-2015-5221 [use-after-free in mif_process_cmpt]
RESERVED
- jasper <unfixed> (bug #796253)
+ [jessie] - jasper <no-dsa> (Minor issue)
+ [wheezy] - jasper <no-dsa> (Minor issue)
+ [squeeze] - jasper <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) ...)
NOT-FOR-US: JBoss EAP
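Review bot: The `<no-dsa> (Minor issue)` lines added under CVE-2015-5221 apply to an entry described as a use-after-free in mif_process_cmpt, but the log message justifies the revert only by double-frees being rarely exploitable with the glibc allocator. That argument is stated for double-frees, not use-after-free, so this entry needs its own rationale: either add a NOTE line explaining why the use-after-free is considered minor, or leave this CVE out of the revert until that is established.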
@@ -15260,6 +15263,9 @@
CVE-2015-5203 [double free triggered by jasper_image_stop_load function]
RESERVED
- jasper <unfixed> (bug #796107)
+ [squeeze] - jasper <no-dsa> (Minor issue)
+ [wheezy] - jasper <no-dsa> (Minor issue)
+ [jessie] - jasper <no-dsa> (Minor issue)
NOTE: Analysis/More information: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c3
CVE-2015-5202
RESERVED
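Review bot: The three `<no-dsa> (Minor issue)` lines added for CVE-2015-5203 carry no reason in the tracker data itself; the glibc double-free argument exists only in the commit log. Consider adding a NOTE line next to the existing bugzilla reference that states it, so a later triager reading data/CVE/list sees why the issue was classified as minor. The suites are also listed squeeze, wheezy, jessie here but jessie, wheezy, squeeze in the CVE-2015-5221 hunk; use one order for both.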