[Secure-testing-commits] r45848 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Nov 1 19:12:28 UTC 2016
Author: carnil
Date: 2016-11-01 19:12:27 +0000 (Tue, 01 Nov 2016)
New Revision: 45848
Modified:
data/CVE/list
Log:
Update status for CVE-2016-7971/libass
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-01 18:58:56 UTC (rev 45847)
+++ data/CVE/list 2016-11-01 19:12:27 UTC (rev 45848)
@@ -3626,10 +3626,11 @@
NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with
NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream
NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually
- NOTE: claim that the problem is not in libass. Therefore shouldn't we state that libass is not affected?
- NOTE: Should probably be REJECTED, asked MITRE in http://www.openwall.com/lists/oss-security/2016/10/27/5
- NOTE: CVE assignment still disputed, only leads to a crash when compiled with ASAN
- NOTE: otherwise takes a long time but finishes parsing the input.
+ NOTE: CVE is disputed, but still assigned to src:libass. Given the circumstances
+ NOTE: mark as unimportant since not affecting the produced binary packages unless
+ NOTE: it would have been compiled with ASAN.
+ NOTE: Only leads to a crash when compiled with ASAN, otherwise takes a long time,
+ NOTE: but still finished parsing the input.
CVE-2016-7970
RESERVED
- libass 0.13.4-1
More information about the Secure-testing-commits
mailing list