[Secure-testing-commits] r51107 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Thu Apr 27 16:56:37 UTC 2017


Author: hertzog
Date: 2017-04-27 16:56:37 +0000 (Thu, 27 Apr 2017)
New Revision: 51107

Modified:
   data/CVE/list
Log:
Mark CVE-2016-8686 as no-dsa on wheezy and add fixed version

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-27 15:04:47 UTC (rev 51106)
+++ data/CVE/list	2017-04-27 16:56:37 UTC (rev 51107)
@@ -25449,9 +25449,13 @@
 	NOTE: already have root privileges could induce systemd to send messages
 	NOTE: that would trigger the format string vulnerability.
 CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote ...)
-	- potrace <unfixed> (low; bug #850595)
+	- potrace 1.14-1 (low; bug #850595)
 	[jessie] - potrace <no-dsa> (Minor issue)
+	[wheezy] - potrace <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
+	NOTE: http://potrace.sourceforge.net/ChangeLog claims that it's fixed in 1.14
+	NOTE: There's no public repository so patch is hard to extract.
+	NOTE: I asked the patch to the upstream author. -- Raphael Hertzog
 CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote ...)
 	{DLA-889-1}
 	- potrace 1.13-3 (bug #843861)
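
Review bot: The fixed version on the added `- potrace 1.14-1 (low; bug #850595)` line rests only on the upstream ChangeLog claim recorded in the NOTE two lines below it, and the following NOTE says the patch could not be extracted, so nothing in this entry shows that the fix was checked. I would say that explicitly in the NOTE (for example that 1.14-1 is taken from the ChangeLog and was not verified against the case described in the Gentoo blog post already linked), so that anyone considering a backport for jessie or wheezy knows the version is unconfirmed. The last added NOTE ("I asked the patch to the upstream author") is a status line with no date and will go stale; adding the date of the request, and updating or dropping the line once upstream answers, would keep the entry accurate.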



