[Secure-testing-commits] r49398 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Mar 3 22:17:24 UTC 2017
Author: jmm
Date: 2017-03-03 22:17:24 +0000 (Fri, 03 Mar 2017)
New Revision: 49398
Modified:
data/CVE/list
Log:
drop rejected libass issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-03 21:10:12 UTC (rev 49397)
+++ data/CVE/list 2017-03-03 22:17:24 UTC (rev 49398)
@@ -21669,15 +21669,6 @@
NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
CVE-2016-7971
REJECTED
- - libass <unfixed> (bug #840338; unimportant)
- NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with
- NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream
- NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually
- NOTE: CVE is disputed, but still assigned to src:libass. Given the circumstances
- NOTE: mark as unimportant since not affecting the produced binary packages unless
- NOTE: it would have been compiled with ASAN.
- NOTE: Only leads to a crash when compiled with ASAN, otherwise takes a long time,
- NOTE: but still finished parsing the input.
CVE-2016-7970 (Buffer overflow in the calc_coeff function in libass/ass_blur.c in ...)
- libass 0.13.4-1
[jessie] - libass <not-affected> (Vulnerable code introduced later)
More information about the Secure-testing-commits
mailing list