[Secure-testing-commits] r44453 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Sep 9 16:14:11 UTC 2016
Author: jmm
Date: 2016-09-09 16:14:10 +0000 (Fri, 09 Sep 2016)
New Revision: 44453
Modified:
data/CVE/list
Log:
openjpeg no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-09 14:47:52 UTC (rev 44452)
+++ data/CVE/list 2016-09-09 16:14:10 UTC (rev 44453)
@@ -12906,7 +12906,8 @@
NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function]
RESERVED
- - openjpeg2 2.1.1-1 (bug #818399)
+ - openjpeg2 2.1.1-1 (low; bug #818399)
+ [jessie] - openjpeg2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
NOTE: https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-3182 [Heap Corruption in opj_free function]
@@ -17291,6 +17292,7 @@
NOTE: https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e
CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function ...)
- openjpeg2 2.1.1-1 (bug #818399)
+ [jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3]
RESERVED
NOT-FOR-US: KNOX 1.0 / Android 4.3
@@ -53574,8 +53576,9 @@
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- openjpeg2 2.1.1-1
+ [jessie] - openjpeg2 <no-dsa> (Minor issue)
NOTE: If backported to jessie, https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c needs to be included
- - openjpeg <undetermined>
+ - openjpeg <not-affected> (Vulnerable code not present)
CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
More information about the Secure-testing-commits
mailing list