[Secure-testing-commits] r51894 - in data: . CVE

Emilio Pozuelo Monfort pochu at moszumanska.debian.org
Tue May 23 19:04:24 UTC 2017


Author: pochu
Date: 2017-05-23 19:04:24 +0000 (Tue, 23 May 2017)
New Revision: 51894

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark CVE-2017-7263 as no-dsa for wheezy

This issue does not warrant a DLA. It can be fixed in the next update
if other important issues are found.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-23 18:50:38 UTC (rev 51893)
+++ data/CVE/list	2017-05-23 19:04:24 UTC (rev 51894)
@@ -5392,6 +5392,7 @@
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
 	- potrace <unfixed> (bug #858763)
 	[jessie] - potrace <no-dsa> (Minor issue)
+	[wheezy] - potrace <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
 	NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
 	NOTE: This CVE is for an incomplete fix of CVE-2016-8698
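
Review bot: the added `[wheezy] - potrace <no-dsa> (Minor issue)` line carries only the generic reason already used for jessie, while the actual rationale (no DLA warranted on its own, fix can go into the next update if other important issues are found) lives only in the commit log. Consider recording that in the tracker entry itself, for example as a NOTE line next to the wheezy tag, so the decision can be read from data/CVE/list alone. The entry is still `<unfixed>` with bug #858763 open and the linked advisory describes a heap-based buffer overflow, so a reader will want to see why it is deferred.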

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-05-23 18:50:38 UTC (rev 51893)
+++ data/dla-needed.txt	2017-05-23 19:04:24 UTC (rev 51894)
@@ -98,9 +98,6 @@
 postgresql-9.1 (Thorsten Alteholz)
   NOTE: 20170521, asking maintainer whether this version is affected
 --
-potrace (Emilio Pozuelo)
-  NOTE: This CVE is for an incomplete fix of CVE-2016-8698
---
 puppet
 --
 putty
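
Review bot: the removed potrace block in data/dla-needed.txt carried a NOTE tying this work item to CVE-2016-8698, and the wheezy status of that earlier CVE is not visible anywhere in this diff. Since CVE-2017-7263 is an incomplete fix of CVE-2016-8698, confirm that the wheezy entry for CVE-2016-8698 is already fixed or triaged before potrace leaves the list; if it is, a short mention in the log message would make the removal self-explanatory.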



