[Secure-testing-commits] r50069 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Mar 26 10:13:50 UTC 2017


Author: carnil
Date: 2017-03-26 10:13:50 +0000 (Sun, 26 Mar 2017)
New Revision: 50069

Modified:
   data/CVE/list
Log:
Add bug reference for CVE-2017-7263

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-26 10:10:38 UTC (rev 50068)
+++ data/CVE/list	2017-03-26 10:13:50 UTC (rev 50069)
@@ -16,7 +16,7 @@
 	NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
 	NOTE: in fz_subsample_pixmap.
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
-	- potrace <unfixed>
+	- potrace <unfixed> (bug #858763)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
 	NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
 	NOTE: This CVE is for an incomplete fix of CVE-2016-8698
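
Review bot: the first context line of this hunk, in the NOTE above the CVE-2017-7263 entry, reads "hea-based buffer overflow" where "heap-based" is meant; this commit does not touch that line, so a follow-up commit should correct it. On the changed line itself, "- potrace <unfixed> (bug #858763)" matches the log message. Because the last NOTE describes this CVE as an incomplete fix of CVE-2016-8698, it is worth confirming that the CVE-2016-8698 entry does not lead readers to treat its fixed version as also covering this issue.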



