[Secure-testing-commits] r45526 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Oct 23 11:12:15 UTC 2016
Author: carnil
Date: 2016-10-23 11:12:14 +0000 (Sun, 23 Oct 2016)
New Revision: 45526
Modified:
data/CVE/list
Log:
Update entries for CVE-2016-888{4,5}/jasper
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-23 11:08:58 UTC (rev 45525)
+++ data/CVE/list 2016-10-23 11:12:14 UTC (rev 45526)
@@ -20,6 +20,12 @@
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail <unfixed> (bug #841257)
+CVE-2016-8885
+ - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
+ NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
+CVE-2016-8884
+ - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
+ NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8883 [assert in jpc_dec_tiledecode()]
- jasper <unfixed>
NOTE: https://github.com/mdadams/jasper/issues/32
@@ -156,6 +162,8 @@
- jasper <unfixed> (bug #841112)
NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
+ NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
+ NOTE: CVE-2016-8885.
CVE-2016-8689
RESERVED
{DLA-661-1}
More information about the Secure-testing-commits
mailing list