[Secure-testing-commits] r48467 - data/CVE
Balint Reczey
rbalint at moszumanska.debian.org
Sat Jan 28 09:18:43 UTC 2017
Author: rbalint
Date: 2017-01-28 09:18:43 +0000 (Sat, 28 Jan 2017)
New Revision: 48467
Modified:
data/CVE/list
Log:
libgd2's CVE-2016-6912 and CVE-2016-6906 don't affect wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-28 09:11:38 UTC (rev 48466)
+++ data/CVE/list 2017-01-28 09:18:43 UTC (rev 48467)
@@ -21918,6 +21918,7 @@
NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...)
- libgd2 2.2.4-1
+ [wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...)
TODO: check
@@ -21930,6 +21931,7 @@
CVE-2016-6906 [OOB reads of the TGA decompression buffer]
RESERVED
- libgd2 2.2.4-1
+ [wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
CVE-2016-6904
More information about the Secure-testing-commits
mailing list