[Secure-testing-commits] r45522 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 23 11:06:28 UTC 2016
Author: carnil
Date: 2016-10-23 11:06:23 +0000 (Sun, 23 Oct 2016)
New Revision: 45522
Modified:
data/CVE/list
Log:
Add three more CVEs for jasper
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-23 11:00:51 UTC (rev 45521)
+++ data/CVE/list 2016-10-23 11:06:23 UTC (rev 45522)
@@ -19,6 +19,19 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail <unfixed> (bug #841257)
+CVE-2016-8883 [assert in jpc_dec_tiledecode()]
+ - jasper <unfixed>
+ NOTE: https://github.com/mdadams/jasper/issues/32
+CVE-2016-8882 [segfault / null pointer access in jpc_pi_destroy]
+ - jasper <unfixed>
+ NOTE: https://github.com/mdadams/jasper/issues/30
+ NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
+CVE-2016-8881 [Heap overflow in jpc_getuint16()]
+ - jasper <unfixed>
+ NOTE: https://github.com/mdadams/jasper/issues/29
+CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
+ - jasper <unfixed>
+ NOTE: https://github.com/mdadams/jasper/issues/28
CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
- imagemagick <not-affected>
NOTE: For incomplete fix of CVE-2016-8862
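Review bot: The log message says three CVEs, but the added lines introduce four jasper entries (CVE-2016-8883, CVE-2016-8882, CVE-2016-8881 and CVE-2016-8880), so the log should say four to keep the revision history searchable against the list. In the CVE-2016-8882 entry, the second NOTE cites an upstream commit tagged version-1.900.8 while the package line stays "- jasper <unfixed>". Consider labelling that NOTE as the upstream fix so it is clear the status is pending a fixed upload and not an oversight. The other three entries reference only the upstream issue, which is consistent with <unfixed>.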