[Secure-testing-commits] r58366 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 8 17:53:42 UTC 2017
Author: carnil
Date: 2017-12-08 17:53:42 +0000 (Fri, 08 Dec 2017)
New Revision: 58366
Modified:
data/CVE/list
Log:
Two optipng issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-08 16:36:08 UTC (rev 58365)
+++ data/CVE/list 2017-12-08 17:53:42 UTC (rev 58366)
@@ -3771,7 +3771,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...)
{DLA-1196-1}
- - optipng <unfixed> (bug #878839)
+ - optipng 0.7.6-1.1 (bug #878839)
NOTE: https://sourceforge.net/p/optipng/bugs/69/
CVE-2017-16937
RESERVED
@@ -4159,7 +4159,7 @@
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
{DLA-1184-1}
- - optipng <unfixed> (bug #882032)
+ - optipng 0.7.6-1.1 (bug #882032)
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...)
More information about the Secure-testing-commits
mailing list