[Secure-testing-commits] r45347 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 16 05:32:56 UTC 2016
Author: carnil
Date: 2016-10-16 05:32:54 +0000 (Sun, 16 Oct 2016)
New Revision: 45347
Modified:
data/CVE/list
Log:
Add jasper issues CVE-2016-869{0,1,2,3}
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-16 05:27:33 UTC (rev 45346)
+++ data/CVE/list 2016-10-16 05:32:54 UTC (rev 45347)
@@ -43,6 +43,15 @@
- potrace 1.13-1
NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
TODO: check
+CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
+ - jasper <unfixed>
+CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+ - jasper <unfixed>
+CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+ - jasper <unfixed>
+CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
+ - jasper <unfixed>
+ NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
CVE-2016-8670 [Stack Buffer Overflow in GD dynamicGetbuf]
{DSA-3693-1}
- libgd2 <unfixed> (bug #840805)
More information about the Secure-testing-commits
mailing list