[Secure-testing-commits] r48546 - in data: . CVE
Guido Guenther
agx at moszumanska.debian.org
Mon Jan 30 06:02:46 UTC 2017
Author: agx
Date: 2017-01-30 06:02:46 +0000 (Mon, 30 Jan 2017)
New Revision: 48546
Modified:
data/CVE/list
data/dla-needed.txt
Log:
lts: triage wavpack
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-30 05:52:55 UTC (rev 48545)
+++ data/CVE/list 2017-01-30 06:02:46 UTC (rev 48546)
@@ -70,6 +70,7 @@
NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
CVE-2016-10172 [heap oob read in read_new_config_info / open_utils.c]
- wavpack <unfixed> (bug #853076)
+ [wheezy] - wavpack <not-affected> (Vulnerable code not present)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10171 [heap out of bounds read in unreorder_channels / wvunpack.c]
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-01-30 05:52:55 UTC (rev 48545)
+++ data/dla-needed.txt 2017-01-30 06:02:46 UTC (rev 48546)
@@ -109,6 +109,11 @@
--
qemu-kvm (Guido Günther)
--
+wavpack
+ NOTE: the provided testcases don't crash but this hunk
+ NOTE: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc#diff-bc1807cb462afb05056502f77834c6ebR291
+ NOTE: is missing in the wheezy version
+--
wireshark (Balint Reczey)
--
wordpress (Markus Koschany)
More information about the Secure-testing-commits
mailing list