[Secure-testing-commits] r46591 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Nov 27 06:34:03 UTC 2016
Author: carnil
Date: 2016-11-27 06:34:03 +0000 (Sun, 27 Nov 2016)
New Revision: 46591
Modified:
data/CVE/list
Log:
Add note for CVE-2016-9262
Additionally adjust tag for wheezy, since either no-dsa because issue
present and minor, or not-affected, if issue is really not present in
wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-27 06:33:53 UTC (rev 46590)
+++ data/CVE/list 2016-11-27 06:34:03 UTC (rev 46591)
@@ -1472,9 +1472,13 @@
CVE-2016-9262 [use after free in jas_realloc (jas_malloc.c)]
RESERVED
- jasper <removed>
- [wheezy] - jasper <no-dsa> (Vulnerable code introduced later)
+ [wheezy] - jasper <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
+ NOTE: The use-afer-free seems to be introduced in a version later tha 1.900.1 but the
+ NOTE: CVE is assigned for everytihng fixed in the above commit, a such seems till
+ NOTE: present in the 1.900.1 based versions.
NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
+ TODO: double-check again
CVE-2016-9258
RESERVED
CVE-2016-9257
More information about the Secure-testing-commits
mailing list