[Secure-testing-commits] r45405 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 17 18:15:18 UTC 2016
Author: carnil
Date: 2016-10-17 18:15:17 +0000 (Mon, 17 Oct 2016)
New Revision: 45405
Modified:
data/CVE/list
Log:
Add bug references for jasper issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-17 17:51:27 UTC (rev 45404)
+++ data/CVE/list 2016-10-17 18:15:17 UTC (rev 45405)
@@ -44,18 +44,18 @@
NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
TODO: check
CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
- - jasper <unfixed>
+ - jasper <unfixed> (bug #841110)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
- - jasper <unfixed>
+ - jasper <unfixed> (bug #841111)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
- - jasper <unfixed>
+ - jasper <unfixed> (bug #841111)
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
- - jasper <unfixed>
+ - jasper <unfixed> (bug #841112)
NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
CVE-2016-8689
More information about the Secure-testing-commits
mailing list