[Secure-testing-commits] r58719 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Wed Dec 20 09:35:56 UTC 2017
Author: hertzog
Date: 2017-12-20 09:35:56 +0000 (Wed, 20 Dec 2017)
New Revision: 58719
Modified:
data/CVE/list
Log:
Add bug numbers for two gimp CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-20 09:28:35 UTC (rev 58718)
+++ data/CVE/list 2017-12-20 09:35:56 UTC (rev 58719)
@@ -163,7 +163,7 @@
NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
CVE-2017-17785 [gimp: Heap overflow in FLI import]
RESERVED
- - gimp <unfixed>
+ - gimp <unfixed> (bug #884836)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>"
CVE-2017-17786 [gimp: OOB read in TGA]
@@ -183,7 +183,7 @@
NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17789 [gimp: Heap overflow in PSP]
RESERVED
- - gimp <unfixed>
+ - gimp <unfixed> (bug #884837)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
NOTE: Cannot be reproduced in wheezy with "valgrind --trace-children=yes gimp <reproducerfile>"
NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>"
More information about the Secure-testing-commits
mailing list