[Secure-testing-commits] r55277 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 30 21:41:30 UTC 2017 

Author: jmm
Date: 2017-08-30 21:41:30 +0000 (Wed, 30 Aug 2017)
New Revision: 55277

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
new openjpeg2 issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-30 21:40:58 UTC (rev 55276)
+++ data/CVE/list	2017-08-30 21:41:30 UTC (rev 55277)
@@ -597,13 +597,28 @@
 CVE-2017-13754
 	RESERVED
 CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...)
-	TODO: check
+	- openjpeg2 <unfixed>
+	NOTE: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8
+	NOTE: https://github.com/uclouvain/openjpeg/issues/833
 CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...)
-	TODO: check
+	- openjpeg2 <unfixed> (unimportant)
+	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
+	NOTE: https://github.com/uclouvain/openjpeg/issues/731
+	NOTE: https://github.com/uclouvain/openjpeg/issues/732
+	NOTE: https://github.com/uclouvain/openjpeg/issues/777
+	NOTE: https://github.com/uclouvain/openjpeg/issues/778
+	NOTE: https://github.com/uclouvain/openjpeg/issues/779
+	NOTE: https://github.com/uclouvain/openjpeg/issues/780
 CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
-	TODO: check
+	- openjpeg2 <unfixed> (unimportant)
+	NOTE: https://github.com/uclouvain/openjpeg/issues/776
+	NOTE: https://github.com/uclouvain/openjpeg/issues/784
+	NOTE: https://github.com/uclouvain/openjpeg/issues/785
+	NOTE: https://github.com/uclouvain/openjpeg/issues/792
 CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
-	TODO: check
+	- openjpeg2 <unfixed>
+	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
+	NOTE: https://github.com/uclouvain/openjpeg/issues/835
 CVE-2017-13753
 	REJECTED
 CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-08-30 21:40:58 UTC (rev 55276)
+++ data/dsa-needed.txt	2017-08-30 21:41:30 UTC (rev 55277)
@@ -62,6 +62,8 @@
   2017-08-13: jcristau provided stretch debdiff, jessie to come a bit
               later
 --
+openjpeg2
+--
 php-horde-image
 --
 php5

More information about the Secure-testing-commits mailing list