[Secure-testing-commits] r55290 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Aug 31 07:10:56 UTC 2017
Author: carnil
Date: 2017-08-31 07:10:56 +0000 (Thu, 31 Aug 2017)
New Revision: 55290
Modified:
data/CVE/list
Log:
Update openjpeg2 entries: add upstream issue and CVE assigned
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-31 07:08:54 UTC (rev 55289)
+++ data/CVE/list 2017-08-31 07:10:56 UTC (rev 55290)
@@ -796,18 +796,21 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
-CVE-2017-XXXX [stack-based buffer overflow write in pgxtoimage]
+CVE-2017-14041 [stack-based buffer overflow write in pgxtoimage]
- openjpeg2 <unfixed>
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
-CVE-2017-XXXX [invalid memory write in tgatoimage]
+ NOTE: https://github.com/uclouvain/openjpeg/issues/997
+CVE-2017-14040 [invalid memory write in tgatoimage]
- openjpeg2 <unfixed>
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
-CVE-2017-XXXX [heap-based buffer overflow in opj_t2_encode_packet]
+ NOTE: https://github.com/uclouvain/openjpeg/issues/995
+CVE-2017-14039 [heap-based buffer overflow in opj_t2_encode_packet]
- openjpeg2 <unfixed>
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
+ NOTE: https://github.com/uclouvain/openjpeg/issues/992
CVE-2017-XXXX [memory allocation failure in MagickRealloc]
- graphicsmagick <unfixed> (unimportant; bug #873538)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
More information about the Secure-testing-commits
mailing list