[Secure-testing-commits] r44801 - data/CVE

[Nicholas Luedtke]

Author: nluedtke-guest
Date: 2016-09-21 18:22:09 +0000 (Wed, 21 Sep 2016)
New Revision: 44801

Modified:
   data/CVE/list
Log:
Clean up CVE-2016-162{6,8} add openjpeg2 where vulnerable code exists

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-21 18:13:51 UTC (rev 44800)
+++ data/CVE/list	2016-09-21 18:22:09 UTC (rev 44801)
@@ -21463,10 +21463,14 @@
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...)
 	{DSA-3486-1}
-	- openjpeg <undetermined>
+	- openjpeg <removed>
+	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
+	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
+	- openjpeg2 <unfixed>
 	- chromium-browser 48.0.2564.116-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
 CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome before ...)
 	{DSA-3486-1}
 	- chromium-browser 48.0.2564.116-1
@@ -21478,9 +21482,11 @@
 	- openjpeg <removed>
 	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
 	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
+	- openjpeg2 <unfixed>
 	- chromium-browser 48.0.2564.116-1
 	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
 CVE-2016-1625 (The Chrome Instant feature in Google Chrome before 48.0.2564.109 does ...)
 	{DSA-3486-1}
 	- chromium-browser 48.0.2564.116-1