[Secure-testing-commits] r49330 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 1 05:39:53 UTC 2017
Author: carnil
Date: 2017-03-01 05:39:53 +0000 (Wed, 01 Mar 2017)
New Revision: 49330
Modified:
data/CVE/list
Log:
Adjust entry for CVE-2017-6311 after rechecking, cf. commit note
The two source files are present in the source package, but the code not
included in the binary package apparently as stated by pochu. Thus mark
as <unfixed>, but mark as (unimportant) since it does not affect the
resulting packages.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-01 05:24:42 UTC (rev 49329)
+++ data/CVE/list 2017-03-01 05:39:53 UTC (rev 49330)
@@ -245,7 +245,9 @@
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6311 [NULL dereference on gdk-pixbuf-thumbnailer]
RESERVED
- - gdk-pixbuf <not-affected> (Code introduced in 2.36.1 but not shipped in package)
+ - gdk-pixbuf <unfixed> (unimportant)
+ [jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
+ [wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ...)
More information about the Secure-testing-commits
mailing list