[Secure-testing-commits] r50064 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Mar 26 09:50:48 UTC 2017


Author: carnil
Date: 2017-03-26 09:50:47 +0000 (Sun, 26 Mar 2017)
New Revision: 50064

Modified:
   data/CVE/list
Log:
Clarify note for CVE-2017-7264

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-26 09:38:03 UTC (rev 50063)
+++ data/CVE/list	2017-03-26 09:50:47 UTC (rev 50064)
@@ -12,7 +12,9 @@
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
 	NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
 	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
-	NOTE: This is a duplicate of CVE-2017-5896
+	NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
+	NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
+	NOTE: in fz_subsample_pixmap.
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
 	TODO: check
 CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia ...)
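Review bot: The second added NOTE line has a typo, "hea-based buffer overflow" should read "heap-based buffer overflow". The unchanged "NOTE: Fix ..." line above also no longer says which issue it covers now that the entry is described as related to CVE-2017-5896 rather than a duplicate of it. Consider stating whether the referenced mupdf commit addresses the use-after-free, the overflow in fz_subsample_pixmap, or both, so the two entries can be triaged independently.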



