[Secure-testing-commits] r50849 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Thu Apr 20 13:36:22 UTC 2017
Author: hertzog
Date: 2017-04-20 13:36:22 +0000 (Thu, 20 Apr 2017)
New Revision: 50849
Modified:
data/CVE/list
Log:
Add details on CVE-2017-7948
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-20 13:10:23 UTC (rev 50848)
+++ data/CVE/list 2017-04-20 13:36:22 UTC (rev 50849)
@@ -63,10 +63,12 @@
CVE-2017-7949
RESERVED
CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
- - ghostscript <undetermined>
+ - ghostscript <unfixed>
+ [jessie] - ghostscript <not-affected> (Vulnerable code not present)
+ [wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
- TODO: check
+ NOTE: The problem lies in base/gxscanc.c, a new scan converter introduced in 9.20. However I can't reproduce the segfault with 9.20~dfsg-3 on sid/amd64. -- Raphael Hertzog
CVE-2017-7947
RESERVED
CVE-2016-10347
More information about the Secure-testing-commits
mailing list