[Secure-testing-commits] r47886 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Jan 11 05:30:21 UTC 2017 

Author: carnil
Date: 2017-01-11 05:30:19 +0000 (Wed, 11 Jan 2017)
New Revision: 47886

Modified:
   data/CVE/list
Log:
CVEs for icoutils assigned

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-11 05:26:02 UTC (rev 47885)
+++ data/CVE/list	2017-01-11 05:30:19 UTC (rev 47886)
@@ -777,16 +777,23 @@
 CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic ...)
 	- borgbackup 1.0.9-1
 	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
-CVE-2017-XXXX [prevent access to unallocated memory in wrestool]
+CVE-2017-5333
 	- icoutils 0.31.1-1
+	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
+	NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in
+	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a"
+CVE-2017-5332
+	- icoutils 0.31.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/10/4
-CVE-2017-XXXX [make check_offset more stringent]
+	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
+	NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in
+	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
+CVE-2017-5331 [make check_offset more stringent]
 	- icoutils 0.31.1-1
 	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/10/4
+	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
 CVE-2017-5208 [wrestool: exploitable crash]
 	RESERVED
 	{DSA-3756-1}

More information about the Secure-testing-commits mailing list