[Secure-testing-commits] r46272 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-11-17 11:41:18 +0000 (Thu, 17 Nov 2016)
New Revision: 46272

Modified:
   data/CVE/list
Log:
Add CVE-2016-9391/jasper

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-11-17 11:39:26 UTC (rev 46271)
+++ data/CVE/list	2016-11-17 11:41:18 UTC (rev 46272)
@@ -1,3 +1,7 @@
+CVE-2016-9391 [jpc_bs.c:197: long jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion `n >= 0 && n < 32' failed.]
+	- jasper <removed>
+	NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
+	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
 CVE-2016-9390 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.]
 	- jasper <removed>
 	NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865