[Secure-testing-commits] r47962 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jan 13 00:21:40 UTC 2017
Author: jmm
Date: 2017-01-13 00:21:40 +0000 (Fri, 13 Jan 2017)
New Revision: 47962
Modified:
data/CVE/list
Log:
several openjpeg issues unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-12 23:50:19 UTC (rev 47961)
+++ data/CVE/list 2017-01-13 00:21:40 UTC (rev 47962)
@@ -13764,20 +13764,25 @@
- openjpeg2 <unfixed> (bug #844557)
NOTE: https://github.com/uclouvain/openjpeg/issues/861
CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...)
- - openjpeg2 <unfixed> (bug #844556)
+ - openjpeg2 <unfixed> (unimportant; bug #844556)
NOTE: https://github.com/uclouvain/openjpeg/issues/860
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...)
- - openjpeg2 <unfixed> (bug #844555)
+ - openjpeg2 <unfixed> (unimportant; bug #844555)
NOTE: https://github.com/uclouvain/openjpeg/issues/859
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...)
- - openjpeg2 <unfixed> (bug #844554)
+ - openjpeg2 <unfixed> (unimportant; bug #844554)
NOTE: https://github.com/uclouvain/openjpeg/issues/858
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of ...)
- - openjpeg2 <unfixed> (bug #844553)
+ - openjpeg2 <unfixed> (unimportant; bug #844553)
NOTE: https://github.com/uclouvain/openjpeg/issues/857
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of ...)
- - openjpeg2 <unfixed> (bug #844552)
+ - openjpeg2 <unfixed> (unimportant; bug #844552)
NOTE: https://github.com/uclouvain/openjpeg/issues/856
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
- openjpeg2 <unfixed> (bug #844551)
NOTE: https://github.com/uclouvain/openjpeg/issues/855
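Review bot: The CVE-2016-9115 entry receives the same "No code injection" note as the NULL pointer entries around it, but its description is a heap buffer over-read in imagetotga, where the relevant question is a crash or memory disclosure rather than code injection. Consider wording that note for the over-read specifically so the unimportant tag is justified on its own terms. The identical note is also repeated on all five entries without naming what is CLI-only; since every description points at convert.c, saying "convert.c is only used by the CLI tool" would be easier to audit later.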
@@ -18856,7 +18861,6 @@
RESERVED
CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
- php7.0 7.0.12-1
- - php5 <undetermined>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
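Review bot: The removal of "- php5 <undetermined>" under CVE-2016-7480 is unrelated to the openjpeg triage named in the log message, and nothing in the entry records why php5 is dropped. The remaining notes only say "Fixed in 7.0.12", so a reader cannot tell whether php5 was checked and found unaffected. Add a NOTE stating the reason, or commit this change separately with its own log entry.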
@@ -18956,9 +18960,10 @@
NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25)
NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
CVE-2016-7445 (convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...)
- - openjpeg2 2.1.2-1 (bug #838690)
+ - openjpeg2 2.1.2-1 (unimportant; bug #838690)
NOTE: https://github.com/uclouvain/openjpeg/issues/843
NOTE: PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
+ NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-7443
RESERVED
CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
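Review bot: The note added to CVE-2016-7445 says "function only exposed in the CLI tool", but the visible description names only the file convert.c and no function, unlike the CVE-2016-9113 to CVE-2016-9117 entries. Name the affected function or refer to convert.c as a whole so the rationale matches this entry. The description also reads "allows remote attackers to cause a ...", so it would help to state in the note that the unimportant tag rests on the code being reachable only through the command-line converter.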