[Secure-testing-commits] r40419 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 16 20:53:37 UTC 2016 

Author: jmm
Date: 2016-03-16 20:53:37 +0000 (Wed, 16 Mar 2016)
New Revision: 40419

Modified:
   data/CVE/list
Log:
bug filed for openjpeg2


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-16 20:42:22 UTC (rev 40418)
+++ data/CVE/list	2016-03-16 20:53:37 UTC (rev 40419)
@@ -196,17 +196,17 @@
 	[wheezy] - flashrom <no-dsa> (Minor issue)
 	NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
 CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function]
-	- openjpeg2 <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/14
+	- openjpeg2 <unfixed> (bug #818399)
+	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
 	NOTE: https://github.com/uclouvain/openjpeg/issues/726
 CVE-2016-3182 [Heap Corruption in opj_free function]
-	- openjpeg2 <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/13
+	- openjpeg2 <unfixed> (bug #818399)
+	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
 	NOTE: https://github.com/uclouvain/openjpeg/issues/725
 	TODO: check, possibly as well src:openjpeg
 CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
-	- openjpeg2 <unfixed>
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/12
+	- openjpeg2 <unfixed> (bug #818399)
+	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
 	NOTE: https://github.com/uclouvain/openjpeg/issues/724
 CVE-2016-XXXX [An invalid off by one read can happen in the function pr_fs_dircat()]
 	- proftpd-dfsg <undetermined>
@@ -4106,9 +4106,9 @@
 	- lha <removed> (unimportant)
 	NOTE: Non-free not supported
 CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote ...)
-	- openjpeg2 <unfixed>
+	- openjpeg2 <unfixed> (bug #818399)
 CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function ...)
-	- openjpeg2 <unfixed>
+	- openjpeg2 <unfixed> (bug #818399)
 CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
 	RESERVED
 	NOT-FOR-US: KNOX 1.0 / Android 4.3

More information about the Secure-testing-commits mailing list