[Secure-testing-commits] r55277 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Aug 30 21:41:30 UTC 2017
Author: jmm
Date: 2017-08-30 21:41:30 +0000 (Wed, 30 Aug 2017)
New Revision: 55277
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
new openjpeg2 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-30 21:40:58 UTC (rev 55276)
+++ data/CVE/list 2017-08-30 21:41:30 UTC (rev 55277)
@@ -597,13 +597,28 @@
CVE-2017-13754
RESERVED
CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...)
- TODO: check
+ - openjpeg2 <unfixed>
+ NOTE: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8
+ NOTE: https://github.com/uclouvain/openjpeg/issues/833
CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...)
- TODO: check
+ - openjpeg2 <unfixed> (unimportant)
+ NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
+ NOTE: https://github.com/uclouvain/openjpeg/issues/731
+ NOTE: https://github.com/uclouvain/openjpeg/issues/732
+ NOTE: https://github.com/uclouvain/openjpeg/issues/777
+ NOTE: https://github.com/uclouvain/openjpeg/issues/778
+ NOTE: https://github.com/uclouvain/openjpeg/issues/779
+ NOTE: https://github.com/uclouvain/openjpeg/issues/780
CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
- TODO: check
+ - openjpeg2 <unfixed> (unimportant)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/776
+ NOTE: https://github.com/uclouvain/openjpeg/issues/784
+ NOTE: https://github.com/uclouvain/openjpeg/issues/785
+ NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
- TODO: check
+ - openjpeg2 <unfixed>
+ NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
+ NOTE: https://github.com/uclouvain/openjpeg/issues/835
CVE-2017-13753
REJECTED
CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
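Review bot: the two entries tagged (unimportant), CVE-2016-10506 and CVE-2016-10505, carry no NOTE saying why they were given that severity, so a later reader has to reopen every linked issue to reconstruct the reasoning. Add one NOTE line under each with the rationale. Separately, CVE-2016-10507, CVE-2016-10506 and CVE-2016-10504 each link an upstream fix commit while still marked <unfixed>, so a NOTE naming the first upstream release that contains the commit would make it easier to fill in the fixed version later. CVE-2016-10505 lists only issue links and no fix commit; if none exists yet, saying so in a NOTE avoids someone searching for one.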
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-08-30 21:40:58 UTC (rev 55276)
+++ data/dsa-needed.txt 2017-08-30 21:41:30 UTC (rev 55277)
@@ -62,6 +62,8 @@
2017-08-13: jcristau provided stretch debdiff, jessie to come a bit
later
--
+openjpeg2
+--
php-horde-image
--
php5
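Review bot: the new openjpeg2 entry is added bare, with no indication of which issues make a DSA necessary, while the entry just above it carries a dated status line. Since two of the four openjpeg2 CVEs in this same revision are marked (unimportant), a short dated line under openjpeg2 naming the CVEs that drive the update (the ones not tagged unimportant, CVE-2016-10507 and CVE-2016-10504) would tell whoever picks this up what has to be covered.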