[Secure-testing-commits] r48113 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jan 16 20:27:12 UTC 2017


Author: carnil
Date: 2017-01-16 20:27:11 +0000 (Mon, 16 Jan 2017)
New Revision: 48113

Modified:
   data/CVE/list
Log:
Update status for CVE-2016-888{0,1}/jasper

Requested by Tomas Hoger from Red Hat to be rejected as duplicates of
CVE-2011-451{6,7}. Keep fixing version and notes until that happened to
at least track the correct "fixing version".

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-16 20:18:49 UTC (rev 48112)
+++ data/CVE/list	2017-01-16 20:27:11 UTC (rev 48113)
@@ -15018,14 +15018,14 @@
 	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
 CVE-2016-8881 [Heap overflow in jpc_getuint16()]
 	RESERVED
-	- jasper <removed>
-	[wheezy] - jasper <no-dsa> (no patch available for just this issue)
+	- jasper 1.900.1-13
 	NOTE: https://github.com/mdadams/jasper/issues/29
+	NOTE: Duplicate of CVE-2011-4517, cf https://github.com/mdadams/jasper/issues/29#issuecomment-267322934
 CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
 	RESERVED
-	- jasper <removed>
-	[wheezy] - jasper <no-dsa> (no patch available for just this issue)
+	- jasper 1.900.1-13
 	NOTE: https://github.com/mdadams/jasper/issues/28
+	NOTE: Duplicate of CVE-2011-4516, cf https://github.com/mdadams/jasper/issues/28#issuecomment-267053875
 CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)]
 	RESERVED
 	{DLA-756-1}




More information about the Secure-testing-commits mailing list