[Secure-testing-commits] r49202 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Feb 25 10:03:52 UTC 2017
Author: carnil
Date: 2017-02-25 10:03:52 +0000 (Sat, 25 Feb 2017)
New Revision: 49202
Modified:
data/CVE/list
Log:
Update jessie status for radare2, add NOTE
Note for reviewers: Since the CVE assignment though is specific to the
r_read_* functions we actually might want to mark this as <not-affected>
(Vulnerable code introduced in 0.10.3).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-25 09:18:59 UTC (rev 49201)
+++ data/CVE/list 2017-02-25 10:03:52 UTC (rev 49202)
@@ -285,8 +285,13 @@
RESERVED
CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...)
- radare2 <unfixed> (bug #856063)
+ [jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/6816
NOTE: Fixed by: https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
+ NOTE: Although the respective new versions were only introduced in 0.10.3
+ NOTE: The NULL pointer dereferences are still triggerable, via the shown
+ NOTE: vector and seen under valgrind. It might be disputable if that is the
+ NOTE: same vulnerability though.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin ...)
- ghostscript <unfixed>
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
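Review bot: in the four added `+ NOTE:` lines under CVE-2017-6197, "triggerable, via the shown vector" does not say which vector is meant, so a later triager cannot repeat the check from this entry alone. Name the reproducer explicitly, for example by pointing at the issue already linked in the NOTE above (radare2 issue 6816), and record which jessie package version was run under valgrind. The added `[jessie] - radare2 <no-dsa> (Minor issue)` line marks jessie as affected, while the commit log suggests `<not-affected>` may be the better status because the r_read_* code only arrived in 0.10.3; the NOTE should state why `<no-dsa>` was chosen over `<not-affected>` (the NULL pointer dereference is reachable through different code) so the open question is visible in the tracker data and not only in the commit log. Minor wording: the first NOTE starts a clause with "Although" and the second restarts with a capitalised "The", and "the respective new versions" should say what the versions are of (the r_read_* functions).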