[Secure-testing-commits] r47861 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 10 06:11:08 UTC 2017
Author: carnil
Date: 2017-01-10 06:11:08 +0000 (Tue, 10 Jan 2017)
New Revision: 47861
Modified:
data/CVE/list
Log:
Add followup entry for CVE-2017-5208 and another issue in icoutils
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-10 06:06:03 UTC (rev 47860)
+++ data/CVE/list 2017-01-10 06:11:08 UTC (rev 47861)
@@ -516,6 +516,14 @@
CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic ...)
- borgbackup 1.0.9-1
NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
+CVE-2017-XXXX [prevent access to unallocated memory in wrestool]
+ - icoutils <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
+CVE-2017-XXXX [incomplete fix for CVE-2017-5208; make check_offset more stringent]
+ - icoutils <unfixed>
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
CVE-2017-5208 [wrestool: exploitable crash]
{DSA-3756-1}
- icoutils 0.31.0-4 (bug #850017)
More information about the Secure-testing-commits
mailing list