[Secure-testing-commits] r44951 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Oct 1 04:05:34 UTC 2016


Author: jmm
Date: 2016-10-01 04:05:34 +0000 (Sat, 01 Oct 2016)
New Revision: 44951

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
wget fixed
openjpeg2 fixed
rawtherapee fixed
darktable spu


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-01 04:02:48 UTC (rev 44950)
+++ data/CVE/list	2016-10-01 04:05:34 UTC (rev 44951)
@@ -2387,6 +2387,7 @@
 	- ffmpeg <unfixed> (unimportant)
 	NOTE: Non issue, will be rejected
 	NOTE: http://www.openwall.com/lists/oss-security/2016/09/25/2
+	NOTE: To be rejected
 CVE-2016-7552
 	RESERVED
 CVE-2016-7549 (Google Chrome before 53.0.2785.113 does not ensure that the recipient ...)
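Review bot: The added "NOTE: To be rejected" repeats what the existing "NOTE: Non issue, will be rejected" already says two lines above it in the same ffmpeg entry. Suggest dropping the new line, or merging the two notes so the rejection status is stated once.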
@@ -2600,10 +2601,9 @@
 	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
 CVE-2016-7445 [openjpeg null ptr dereference]
 	RESERVED
-	- openjpeg2 <unfixed> (bug #838690)
+	- openjpeg2 2.1.2-1 (bug #838690)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/843
 	NOTE: PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
-	TODO: check possibly openjpeg
 CVE-2016-7443
 	RESERVED
 CVE-2016-7442
@@ -3397,7 +3397,7 @@
 	NOTE: Fixed upstream in 1.1.1.
 CVE-2016-7163 (Integer overflow in the opj_pi_create_decode function in pi.c in ...)
 	{DSA-3665-1}
-	- openjpeg2 <unfixed> (bug #837604)
+	- openjpeg2 2.1.2-1 (bug #837604)
 	NOTE: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
 	NOTE: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
 CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congestion ...)
@@ -3694,7 +3694,7 @@
 CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules ...)
 	TODO: check
 CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or ...)
-	- wget <unfixed> (low; bug #836503)
+	- wget 1.18-4 (low; bug #836503)
 	[jessie] - wget <no-dsa> (Minor issue)
 	[wheezy] - wget <no-dsa> (Minor issue)
 	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
@@ -27421,7 +27421,7 @@
 	[jessie] - ufraw <no-dsa> (Minor issue)
 	[wheezy] - ufraw <not-affected> (Vulnerable code not present)
 	[squeeze] - ufraw <not-affected> (Vulnerable code not present)
-	- rawtherapee <unfixed>
+	- rawtherapee 4.2.1241-2
 	[jessie] - rawtherapee <no-dsa> (Minor issue)
 	[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
 	[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
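Review bot: The new "- rawtherapee 4.2.1241-2" line carries no bug reference, while the other entries marked fixed in this commit (openjpeg2, wget) keep a "bug #..." annotation next to the fixed version. If a bug was filed for rawtherapee, suggest adding it here so the fixed version can be traced to the upload that closed it.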

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2016-10-01 04:02:48 UTC (rev 44950)
+++ data/next-point-update.txt	2016-10-01 04:05:34 UTC (rev 44951)
@@ -19,3 +19,5 @@
 CVE-2016-XXXX [Information disclosure vulnerability in buf.pl]
 	[jessie] - irssi 0.8.17-1+deb8u2
 	NOTE: For #838762
+CVE-2015-3885
+	[jessie] - darktable 1.4.2-1+deb8u1
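Review bot: The added CVE-2015-3885 darktable entry has no NOTE line, unlike the irssi entry directly above it, which records "NOTE: For #838762". Suggest adding the corresponding bug reference once one exists so the pending 1.4.2-1+deb8u1 upload can be traced.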



