[Secure-testing-commits] r53433 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jul 13 06:07:18 UTC 2017
Author: jmm
Date: 2017-07-13 06:07:18 +0000 (Thu, 13 Jul 2017)
New Revision: 53433
Modified:
data/CVE/list
Log:
two poppler non issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-13 05:23:17 UTC (rev 53432)
+++ data/CVE/list 2017-07-13 06:07:18 UTC (rev 53433)
@@ -24295,11 +24295,16 @@
CVE-2017-2821
RESERVED
CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
- TODO: check
+ - poppler <unfixed> (unimportant)
+ NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is
+ NOTE: against Ubuntu, which disables openjpeg due to being in universe
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321
CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word ...)
NOT-FOR-US: Hancom Thinkfree Office NEO
CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image ...)
- TODO: check
+ - poppler <unfixed> (unimportant)
+ NOTE: Debian links against libjpeg which is unaffected
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...)
NOT-FOR-US: PowerISO
CVE-2017-2816
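Review bot: the NOTE added under CVE-2017-2818 ("Debian links against libjpeg which is unaffected") says what is not affected but never says which poppler code path the advisory concerns, so a later reader cannot tell from the entry why linking against libjpeg makes the issue moot. The CVE-2017-2820 note is somewhat better because it ties the advisory to builds that disable openjpeg. Both entries are tagged "<unfixed> (unimportant)" on the strength of how the Debian package is built, so each should say that explicitly in one line, so the triage gets revisited if the build configuration ever changes. Minor wording point in the CVE-2017-2820 note: "due to being in universe" has no clear subject; "because openjpeg is in universe there" reads unambiguously.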