[Secure-testing-commits] r50063 - in data: CVE DSA
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Mar 26 09:38:03 UTC 2017
Author: carnil
Date: 2017-03-26 09:38:03 +0000 (Sun, 26 Mar 2017)
New Revision: 50063
Modified:
data/CVE/list
data/DSA/list
Log:
Update for CVE-2017-7264
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-26 09:26:51 UTC (rev 50062)
+++ data/CVE/list 2017-03-26 09:38:03 UTC (rev 50063)
@@ -7,7 +7,12 @@
CVE-2017-7265
RESERVED
CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function in ...)
- TODO: check
+ - mupdf 1.9a+ds1-3 (bug #854734)
+ [wheezy] - mupdf <not-affected> (vulnerable code not present)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
+ NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+ NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
+ NOTE: This is a duplicate of CVE-2017-5896
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
TODO: check
CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia ...)
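Review bot: The last added NOTE marks CVE-2017-7264 as a duplicate of CVE-2017-5896, yet the package lines above it (mupdf 1.9a+ds1-3 with bug #854734, and the wheezy <not-affected> line) are entered by hand in this entry. Check them against the CVE-2017-5896 entry, which is outside this hunk, so the two records do not diverge on fixed version or affected releases. Minor style point: the Fix NOTE links to http://git.ghostscript.com while the other two reference NOTEs use https URLs; use https there as well if the host serves it.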
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-03-26 09:26:51 UTC (rev 50062)
+++ data/DSA/list 2017-03-26 09:38:03 UTC (rev 50063)
@@ -65,7 +65,7 @@
{CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310}
[jessie] - tnef 1.4.9-1+deb8u1
[28 Feb 2017] DSA-3797-1 mupdf - security update
- {CVE-2016-8674 CVE-2017-5896 CVE-2017-5991}
+ {CVE-2016-8674 CVE-2017-5896 CVE-2017-5991 CVE-2017-7264}
[jessie] - mupdf 1.5-1+deb8u2
[26 Feb 2017] DSA-3796-1 apache2 - security update
{CVE-2016-0736 CVE-2016-2161 CVE-2016-8743}
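Review bot: The changed reference line for DSA-3797-1 amends an advisory dated 28 Feb 2017, and the log message ("Update for CVE-2017-7264") does not say why. The reason is only visible in the data/CVE/list hunk, where the new NOTE calls CVE-2017-7264 a duplicate of CVE-2017-5896, which this DSA already lists, and the [jessie] fixed version 1.5-1+deb8u2 stays unchanged. Stating the duplicate relationship in the commit log would make the retroactive edit understandable from the DSA list history alone.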