[Secure-testing-commits] r52292 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Jun 4 17:25:34 UTC 2017


Author: jmm
Date: 2017-06-04 17:25:33 +0000 (Sun, 04 Jun 2017)
New Revision: 52292

Modified:
   data/CVE/list
Log:
dcraw bug
lrzip no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-04 17:16:14 UTC (rev 52291)
+++ data/CVE/list	2017-06-04 17:25:33 UTC (rev 52292)
@@ -1763,6 +1763,8 @@
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...)
 	- lrzip <unfixed> (bug #863150)
+	[stretch] - lrzip <no-dsa> (Minor issue)
+	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/71
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
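Review bot: the added [stretch] and [jessie] lines give only "(Minor issue)" as the reason, while the second NOTE URL of this entry describes a use-after-free in read_stream. Consider adding a NOTE line that records why this does not warrant a DSA, in the style of the "NOTE: Crash in CLI tool, no security implications" line on the preceding entry, so the triage can be re-checked later without opening the upstream issue.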
@@ -1773,6 +1775,8 @@
 	NOTE: Crash in CLI tool, no security implications
 CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
 	- lrzip <unfixed> (bug #863153)
+	[stretch] - lrzip <no-dsa> (Minor issue)
+	[jessie] - lrzip <no-dsa> (Minor issue)
 	[wheezy] - lrzip <no-dsa> (Minor issue)
 	NOTE: https://github.com/ckolivas/lrzip/issues/70
 	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
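Review bot: the added [stretch] and [jessie] lines reuse the exact "(Minor issue)" wording of the CVE-2017-8846 hunk, although the NOTE URL here names a different bug class, a heap-based buffer overflow write in read_1g. It would help to confirm the classification was assessed for this CVE on its own and to state the basis in a NOTE, since with unstable still at "- lrzip <unfixed> (bug #863153)" every supported release now depends on that one-word rationale.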
@@ -57494,7 +57498,8 @@
 	[jessie] - libraw 0.16.0-9+deb8u2
 	[wheezy] - libraw <not-affected> (Vulnerable code not present)
 	[squeeze] - libraw <not-affected> (Vulnerable code not present)
-	- dcraw <unfixed>
+	- dcraw <unfixed> (bug #864168)
+	[stretch] - dcraw <no-dsa> (Minor issue)
 	[jessie] - dcraw <no-dsa> (Minor issue)
 	[wheezy] - dcraw <not-affected> (Vulnerable code not present)
 	[squeeze] - dcraw <not-affected> (Vulnerable code not present)
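Review bot: the added "[stretch] - dcraw <no-dsa> (Minor issue)" line sits in the same entry as "[jessie] - libraw 0.16.0-9+deb8u2", so libraw received a fixed version in jessie while dcraw is left unfixed in both jessie and stretch. A NOTE explaining why dcraw is triaged differently from libraw for this issue would make the entry self-explanatory; the commit log ("dcraw bug") covers the new bug #864168 reference but not the stretch decision.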



