[Secure-testing-commits] r48111 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Mon Jan 16 19:53:58 UTC 2017
Author: anarcat
Date: 2017-01-16 19:53:58 +0000 (Mon, 16 Jan 2017)
New Revision: 48111
Modified:
data/CVE/list
Log:
mark CVE-2016-9830 as no-dsa on wheezy, add details about fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-16 18:34:43 UTC (rev 48110)
+++ data/CVE/list 2017-01-16 19:53:58 UTC (rev 48111)
@@ -6159,6 +6159,8 @@
RESERVED
{DSA-3746-1}
- graphicsmagick 1.3.25-6 (bug #847055)
+ [wheezy] - graphicsmagick <no-dsa> (fix too intrusive, depends on jan 15th magickresources changes)
+ NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
CVE-2016-9829 [listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)]
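Review bot: The two added lines date the same upstream dependency differently: the [wheezy] line says "jan 15th magickresources changes", which reads as a day of the month, while the NOTE below it says "major refactor from jan 2015". Use one unambiguous form in both, for example "Jan 2015", so that someone triaging this entry later does not go looking for a change made on January 15th. The NOTE also points only to a mailing-list message for the rationale. If the upstream changeset for the refactor is known, naming it next to the list URL would keep the no-dsa justification checkable even if the archive link stops resolving.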