[Secure-testing-commits] r45025 - data/CVE

Nicholas Luedtke nluedtke-guest at moszumanska.debian.org
Tue Oct 4 14:34:55 UTC 2016


Author: nluedtke-guest
Date: 2016-10-04 14:34:55 +0000 (Tue, 04 Oct 2016)
New Revision: 45025

Modified:
   data/CVE/list
Log:
Add openjpeg2 to CVE-2016-5139

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-04 14:20:45 UTC (rev 45024)
+++ data/CVE/list	2016-10-04 14:34:55 UTC (rev 45025)
@@ -10469,8 +10469,11 @@
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 CVE-2016-5139 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...)
 	{DSA-3645-1}
+	- openjpeg2 2.1.2-1
 	- chromium-browser 52.0.2743.116-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	NOTE: Fixed in Google with: https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
+	NOTE: https://github.com/uclouvain/openjpeg/pull/819
 CVE-2016-5138 (Integer overflow in the kbasep_vinstr_attach_client function in ...)
 	TODO: check
 CVE-2016-5137 (The CSPSource::schemeMatches function in ...)




More information about the Secure-testing-commits mailing list