[Secure-testing-commits] r45802 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 31 15:14:41 UTC 2016


Author: carnil
Date: 2016-10-31 15:14:41 +0000 (Mon, 31 Oct 2016)
New Revision: 45802

Modified:
   data/CVE/list
Log:
Update for CVE-2016-7971, still disputed and no decision on rejection of the CVE yet, mark as unimportant

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-31 14:58:59 UTC (rev 45801)
+++ data/CVE/list	2016-10-31 15:14:41 UTC (rev 45802)
@@ -3519,12 +3519,14 @@
 	NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
 CVE-2016-7971
 	RESERVED
-	- libass <unfixed> (bug #840338)
+	- libass <unfixed> (bug #840338; unimportant)
 	NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with
 	NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream
 	NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually
 	NOTE: claim that the problem is not in libass. Therefore shouldn't we state that libass is not affected?
 	NOTE: Should probably be REJECTED, asked MITRE in http://www.openwall.com/lists/oss-security/2016/10/27/5
+	NOTE: CVE assignment still disputed, only leads to a crash when compiled with ASAN
+	NOTE: otherwise takes a long time but finishes parsing the input.
 CVE-2016-7970
 	RESERVED
 	- libass 0.13.4-1
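
Review bot: The two added NOTE lines at the end of the CVE-2016-7971 entry assert that the crash only occurs when compiled with ASAN, but unlike the existing notes they cite no source. Adding a reference for that finding would let a later reader verify the basis for the "unimportant" tag (the pull request discussion at https://github.com/libass/libass/pull/240, if that is where it was established). It would also help to say how this fits with the test case named two notes earlier, "id:000248,sig:11,...", which records a signal 11 and is described there as "the DoS issue": stating that the crash was observed on an ASAN build, and that the non-ASAN behaviour is a slow but terminating parse, would make it clear why the entry is downgraded. The older notes that ask "shouldn't we state that libass is not affected?" are left as open questions next to the new marking; consider rewording them so the entry reads as one consistent position while the MITRE decision is pending.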



