[Secure-testing-commits] r50926 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-04-22 16:01:36 +0000 (Sat, 22 Apr 2017)
New Revision: 50926

Modified:
   data/CVE/list
Log:
Add references for libcroco CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-22 15:42:07 UTC (rev 50925)
+++ data/CVE/list	2017-04-22 16:01:36 UTC (rev 50926)
@@ -198,8 +198,12 @@
 	NOT-FOR-US: ImageWorsener
 CVE-2017-7961 (The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and ...)
 	- libcroco <unfixed>
+	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
+	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
 CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and ...)
 	- libcroco <unfixed>
+	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
+	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
 CVE-2017-7959
 	RESERVED
 CVE-2017-7958