[Secure-testing-commits] r48517 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Jan 29 11:02:04 UTC 2017
Author: carnil
Date: 2017-01-29 11:02:04 +0000 (Sun, 29 Jan 2017)
New Revision: 48517
Modified:
data/CVE/list
Log:
Add four CVEs for wavpack
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-29 10:51:48 UTC (rev 48516)
+++ data/CVE/list 2017-01-29 11:02:04 UTC (rev 48517)
@@ -52,6 +52,22 @@
RESERVED
CVE-2017-5589
RESERVED
+CVE-2016-10172 [heap oob read in read_new_config_info / open_utils.c]
+ - wavpack <unfixed>
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10171 [heap out of bounds read in unreorder_channels / wvunpack.c]
+ - wavpack <unfixed>
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10170 [heap out of bounds read in WriteCaffHeader / caff.c]
+ - wavpack <unfixed>
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10169 [global buffer overread in read_code / read_words.c]
+ - wavpack <unfixed>
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 [Fix potential unsigned underflow]
- libgd2 2.2.4-1
[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list