[Secure-testing-commits] r43054 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Thu Jul 7 16:35:40 UTC 2016
Author: apo
Date: 2016-07-07 16:35:40 +0000 (Thu, 07 Jul 2016)
New Revision: 43054
Modified:
data/CVE/list
Log:
Mark CVE-2016-6163 as not-affected in Wheezy
Unreproducible, vulnerable fallback functions not present.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-07 15:29:47 UTC (rev 43053)
+++ data/CVE/list 2016-07-07 16:35:40 UTC (rev 43054)
@@ -14,6 +14,7 @@
CVE-2016-6163 [read out-of-bounds in librsvg2 (a dependency of gdk-pixbuf used to render svg images).]
- librsvg 2.40.9-2
[jessie] - librsvg <no-dsa> (Minor issue)
+ [wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault)
NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7
CVE-2016-6162 [BUG_ON crash in linux 4.7-rc6/master skbuff.c]
More information about the Secure-testing-commits
mailing list