[Secure-testing-commits] r45970 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Fri Nov 4 09:27:25 UTC 2016
Author: agx
Date: 2016-11-04 09:27:25 +0000 (Fri, 04 Nov 2016)
New Revision: 45970
Modified:
data/CVE/list
Log:
lts: triage libwebp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-04 09:10:12 UTC (rev 45969)
+++ data/CVE/list 2016-11-04 09:27:25 UTC (rev 45970)
@@ -348,9 +348,11 @@
CVE-2016-9085 [Several integer overflows]
RESERVED
- libwebp <unfixed> (bug #842714)
+ [wheezy] - libwebp <not-affected> (vulnerable code not present)
NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
+ NOTE: Origin of the file seems to be from libav
TODO: check other projects
CVE-2016-9084 [... "kzalloc is changed to a kcalloc."]
RESERVED
More information about the Secure-testing-commits
mailing list