[Secure-testing-commits] r49659 - data/CVE
Brian May
bam at moszumanska.debian.org
Tue Mar 14 06:26:24 UTC 2017
Author: bam
Date: 2017-03-14 06:26:24 +0000 (Tue, 14 Mar 2017)
New Revision: 49659
Modified:
data/CVE/list
Log:
Calibre in wheezy not affected by CVE-2010-1028
The vulnerable code was not introduced until version 0.99.3 by the
following upstream commit:
commit 93b2f860f9fa5c73773013b29d152b1723108140
Author: Kovid Goyal <kovid at kovidgoyal.net>
Date: Sun Oct 21 15:09:07 2012 +0530
Add code to convert between WOFF<->sfnt font files
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-13 22:52:41 UTC (rev 49658)
+++ data/CVE/list 2017-03-14 06:26:24 UTC (rev 49659)
@@ -161965,6 +161965,7 @@
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
- iceape <not-affected> (Vulnerable code not present)
- calibre 2.38.0+dfsg-1 (bug #787085)
+ [wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
CVE-2010-XXXX [Escape href attribute in auto links]
- redmine 0.9.3-3
More information about the Secure-testing-commits
mailing list