[Secure-testing-commits] r50730 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Apr 17 18:42:33 UTC 2017
Author: carnil
Date: 2017-04-17 18:42:33 +0000 (Mon, 17 Apr 2017)
New Revision: 50730
Modified:
data/CVE/list
Log:
Correct affected versions for CVE-2017-7864
CFF2 support introduced in 2.7.1 only, as such the issue appear only
from 2.7.1 onwards. Mark as correctly noted for the wheezy triage, and
mark freetype as not-affected for all suites (experimental still tracked
via the BTS bug #860313)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-17 17:34:35 UTC (rev 50729)
+++ data/CVE/list 2017-04-17 18:42:33 UTC (rev 50730)
@@ -72,8 +72,7 @@
- libav <undetermined>
NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a ...)
- - freetype <unfixed> (bug #860313)
- [wheezy] - freetype <not-affected> (CFF2 support was introduced later)
+ - freetype <not-affected> (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ...)
More information about the Secure-testing-commits
mailing list