[Secure-testing-commits] r50849 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Thu Apr 20 13:36:22 UTC 2017


Author: hertzog
Date: 2017-04-20 13:36:22 +0000 (Thu, 20 Apr 2017)
New Revision: 50849

Modified:
   data/CVE/list
Log:
Add details on CVE-2017-7948

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-20 13:10:23 UTC (rev 50848)
+++ data/CVE/list	2017-04-20 13:36:22 UTC (rev 50849)
@@ -63,10 +63,12 @@
 CVE-2017-7949
 	RESERVED
 CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
-	- ghostscript <undetermined>
+	- ghostscript <unfixed>
+	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
+	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
-	TODO: check
+	NOTE: The problem lies in base/gxscanc.c, a new scan converter introduced in 9.20. However I can't reproduce the segfault with 9.20~dfsg-3 on sid/amd64. -- Raphael Hertzog
 CVE-2017-7947
 	RESERVED
 CVE-2016-10347
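
Review bot: Dropping `TODO: check` at the end of the CVE-2017-7948 entry leaves no open marker, although the new NOTE says the segfault could not be reproduced with 9.20~dfsg-3 on sid/amd64, so the `<unfixed>` status rests on the presence of the code alone. Consider splitting that NOTE into two lines. The first would state that the problem lies in base/gxscanc.c, the scan converter introduced in 9.20, which is what justifies the `[jessie]` and `[wheezy]` `<not-affected>` lines. The second would record the failed reproduction attempt, so the unresolved question stays easy to find. The upstream commit in the existing NOTE is already listed, so a later fixed version can be filled in against it.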
