[Secure-testing-commits] r50668 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Fri Apr 14 13:38:12 UTC 2017
Author: hertzog
Date: 2017-04-14 13:38:12 +0000 (Fri, 14 Apr 2017)
New Revision: 50668
Modified:
data/CVE/list
Log:
Add some data about CVE-2016-10317
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-14 13:37:29 UTC (rev 50667)
+++ data/CVE/list 2017-04-14 13:38:12 UTC (rev 50668)
@@ -1167,8 +1167,14 @@
[jessie] - horizon <not-affected> (Vulnerable code not present)
NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
- - ghostscript <undetermined>
+ - ghostscript <unfixed>
+ [wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
+ NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
+ NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
+ NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
+ NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
+ NOTE: reports no buffer overrun. -- Raphael Hertzog
CVE-2017-1001000 (The register_routes function in ...)
- wordpress 4.7.2+dfsg-1
[jessie] - wordpress <not-affected> (Vulnerable code introduced after 4.4)
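Review bot: The added `[wheezy]` line records `<no-dsa>`, but the NOTE lines report the same test result for jessie 9.06~dfsg-2+deb8u4 (no segfault, no buffer overrun under valgrind) and no `[jessie]` line is added, so jessie stays on the package-level `<unfixed>` entry with nothing marking it as tested. Consider adding a matching `[jessie]` entry, or stating in the NOTE why jessie is left for separate triage. It would also help if the NOTE said that the test only shows this reproducer does not trigger on 9.05/9.06, not that the code in fill_threshhold_buffer differs there, since the `<no-dsa>` reason already says the status is "to re-evaluate once the upstream fix is known".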