[Secure-testing-commits] r45680 - in data: . CVE

Thu Oct 27 21:48:32 UTC 2016

Author: rbalint
Date: 2016-10-27 21:48:32 +0000 (Thu, 27 Oct 2016)
New Revision: 45680

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
add libwmf to dla-needed.txt

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-10-27 21:10:16 UTC (rev 45679)
+++ data/CVE/list	2016-10-27 21:48:32 UTC (rev 45680)
@@ -375,6 +375,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
 	NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
 	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
+	NOTE: Patch is available in bug #842090
 CVE-2016-8908
 	RESERVED
 CVE-2016-8907

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-10-27 21:10:16 UTC (rev 45679)
+++ data/dla-needed.txt	2016-10-27 21:48:32 UTC (rev 45680)
@@ -44,6 +44,9 @@
   https://marc.info/?l=oss-security&m=146685931517961&w=2 claims
   that 0.47 & 1.0 are affected and wheezy has 0.48.
 --
+libwmf
+  NOTE: Patch is available in bug #842090, probably needs NMU in unstable
+--
 libxml2 (Thorsten Alteholz)
 --
 linux


