[Secure-testing-commits] r45980 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Nov 5 09:00:39 UTC 2016


Author: jmm
Date: 2016-11-05 09:00:38 +0000 (Sat, 05 Nov 2016)
New Revision: 45980

Modified:
   data/CVE/list
Log:
jasper removed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-04 21:39:22 UTC (rev 45979)
+++ data/CVE/list	2016-11-05 09:00:38 UTC (rev 45980)
@@ -1152,7 +1152,7 @@
 	NOTE: is very similar.
 	NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
 CVE-2016-XXXX [heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)]
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
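Review bot: The CVE-2016-XXXX jpc_dec_tiledecode entry shows no release-specific line in the visible context, so after `- jasper <removed>` nothing here records how releases that still ship jasper are handled for a heap-based buffer overflow with a linked reproducer. Suggest adding a release line such as the `[jessie] - jasper <no-dsa> (Minor issue)` used under CVE-2016-8886 once it has been triaged. The log message "jasper removed" could also cite the removal request, if there is one, so the status change can be checked against it.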
@@ -1163,7 +1163,7 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
 CVE-2016-8887 [NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)]
 	RESERVED
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
 	NOTE: When fixing this issue look at the followup report
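Review bot: Under CVE-2016-8887, the trailing NOTE "When fixing this issue look at the followup report" still reads as guidance for a pending jasper upload, but the unstable line is now `- jasper <removed>` and no release line is visible in this entry. Suggest rewording the NOTE to say it applies to updates for releases that still ship jasper, or adding the release line it is meant for.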
@@ -1171,7 +1171,7 @@
 	NOTE: and include the fix to not make jasper vulnerable to the incomplete fix.
 CVE-2016-8886 [memory allocation failure in jas_malloc (jas_malloc.c)]
 	RESERVED
-	- jasper <unfixed> (low)
+	- jasper <removed> (low)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
 CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
@@ -1186,21 +1186,21 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
 CVE-2016-8883 [assert in jpc_dec_tiledecode()]
 	RESERVED
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/32
 	NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
 CVE-2016-8882 [segfault / null pointer access in jpc_pi_destroy]
 	RESERVED
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/30
 	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
 CVE-2016-8881 [Heap overflow in jpc_getuint16()]
 	RESERVED
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/29
 CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
 	RESERVED
-	- jasper <unfixed>
+	- jasper <removed>
 	NOTE: https://github.com/mdadams/jasper/issues/28
 CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
 	RESERVED
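Review bot: The CVE-2016-8881 and CVE-2016-8880 entries (heap overflows in jpc_getuint16() and jpc_dec_cp_setfromcox()) carry only an upstream issue link, with no fix commit and no release-specific line in the visible context. Once the unstable line reads `<removed>` instead of `<unfixed>`, nothing in these two entries marks them as still needing triage; suggest adding a TODO: or the relevant release lines in the same change.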
@@ -1334,22 +1334,22 @@
 	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
 CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
 	RESERVED
-	- jasper <unfixed> (bug #841110)
+	- jasper <removed> (bug #841110)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
 	NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
 CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
 	RESERVED
-	- jasper <unfixed> (low; bug #841111)
+	- jasper <removed> (low; bug #841111)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
 CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
 	RESERVED
-	- jasper <unfixed> (bug #841111)
+	- jasper <removed> (bug #841111)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
 	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
 CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
 	RESERVED
-	- jasper <unfixed> (low; bug #841112)
+	- jasper <removed> (low; bug #841112)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
 	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
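Review bot: CVE-2016-8692 and CVE-2016-8691 cite the same bug (#841111), the same advisory post and the same fixing commit, yet the replaced lines keep `(low; bug #841111)` on one and `(bug #841111)` on the other. Since both lines are being touched anyway, suggest aligning the urgency on the two entries or adding a NOTE that explains why they differ.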
@@ -22664,7 +22664,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
 CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer ...)
 	{DSA-3508-1}
-	- jasper <unfixed> (bug #816626)
+	- jasper <removed> (bug #816626)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
 CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before ...)
 	{DSA-3548-1}
@@ -22956,7 +22956,7 @@
 	NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
 CVE-2016-2089 (The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows ...)
 	{DSA-3508-1}
-	- jasper <unfixed> (bug #812978)
+	- jasper <removed> (bug #812978)
 	[squeeze] - jasper <no-dsa> (Minor issue)
 	NOTE: https://github.com/mdadams/jasper/commit/c87ad330a8b8d6e5eb0065675601fdfae08ebaab
 CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c in ...)
@@ -24225,7 +24225,7 @@
 	NOTE: Fixed in 2.8.5 upstream
 	TODO: Recheck, the issue might be fixed incompletely, cf. #811519
 CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...)
-	- jasper <unfixed> (bug #811023)
+	- jasper <removed> (bug #811023)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
@@ -24799,7 +24799,7 @@
 	TODO: check
 CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
 	{DSA-3508-1}
-	- jasper <unfixed> (bug #816625)
+	- jasper <removed> (bug #816625)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
 CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does ...)
 	- linux 4.5.1-1
@@ -39316,7 +39316,7 @@
 	NOT-FOR-US: OpenShift
 CVE-2015-5221 [use-after-free in mif_process_cmpt]
 	RESERVED
-	- jasper <unfixed> (bug #796253)
+	- jasper <removed> (bug #796253)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)
@@ -39383,7 +39383,7 @@
 	NOT-FOR-US: Apache Cordova Android File Transfer Plugin
 CVE-2015-5203 [double free triggered by jasper_image_stop_load function]
 	RESERVED
-	- jasper <unfixed> (bug #796107)
+	- jasper <removed> (bug #796107)
 	[jessie] - jasper <no-dsa> (Minor issue)
 	[wheezy] - jasper <no-dsa> (Minor issue)
 	[squeeze] - jasper <no-dsa> (Minor issue)



