[Secure-testing-commits] r48125 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 17 06:07:43 UTC 2017
Author: carnil
Date: 2017-01-17 06:07:42 +0000 (Tue, 17 Jan 2017)
New Revision: 48125
Modified:
data/CVE/list
Log:
Add new jasper issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-17 05:42:15 UTC (rev 48124)
+++ data/CVE/list 2017-01-17 06:07:42 UTC (rev 48125)
@@ -1,3 +1,23 @@
+CVE-2017-5502
+ - jasper <removed>
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+CVE-2017-5501
+ - jasper <removed>
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+CVE-2017-5500
+ - jasper <removed>
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+CVE-2017-5499
+ - jasper <removed>
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+CVE-2017-5498
+ - jasper <removed>
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
CVE-2017-5506 [double free in profile]
- imagemagick <unfixed> (bug #851383)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
More information about the Secure-testing-commits
mailing list