[Secure-testing-commits] r49969 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Thu Mar 23 17:49:52 UTC 2017 

Author: pochu
Date: 2017-03-23 17:49:52 +0000 (Thu, 23 Mar 2017)
New Revision: 49969

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
tag gdk-pixbuf as no-dsa for wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-23 16:56:09 UTC (rev 49968)
+++ data/CVE/list	2017-03-23 17:49:52 UTC (rev 49969)
@@ -2384,16 +2384,19 @@
 CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
 	- gdk-pixbuf <unfixed> (bug #856448)
 	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in ...)
 	- gdk-pixbuf <unfixed> (bug #856445)
 	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent ...)
 	- gdk-pixbuf <unfixed> (bug #856444)
 	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent ...)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-03-23 16:56:09 UTC (rev 49968)
+++ data/dla-needed.txt	2017-03-23 17:49:52 UTC (rev 49969)
@@ -33,8 +33,6 @@
   NOTE: no update needed yet, but next update will be for ESR 52 as ESR 45 is now
   NOTE: EOL. I have already started to look at ESR 52 to anticipate any problems
 --
-gdk-pixbuf (Emilio Pozuelo)
---
 graphicsmagick
   NOTE: seems only a single memory/CPU DOS at this point, maybe wait for more issues?
   NOTE: DLA-547-1 also did not fix CVE-2016-5240 so should be included in next upload.

More information about the Secure-testing-commits mailing list