[Secure-testing-commits] r57205 - data/CVE

Markus Koschany apo at moszumanska.debian.org
Wed Nov 1 18:33:14 UTC 2017 

Author: apo
Date: 2017-11-01 18:33:14 +0000 (Wed, 01 Nov 2017)
New Revision: 57205

Modified:
   data/CVE/list
Log:
liblouis in Wheezy: Three CVE do not affect the package


There is no heap-based buffer overflow hence
CVE-2017-13739, CVE-2017-13740 and CVE-2017-13742 do not apply.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-01 16:12:17 UTC (rev 57204)
+++ data/CVE/list	2017-11-01 18:33:14 UTC (rev 57205)
@@ -7170,7 +7170,7 @@
 	- liblouis 3.3.0-1 (low; bug #874302)
 	[stretch] - liblouis <no-dsa> (Minor issue)
 	[jessie] - liblouis <no-dsa> (Minor issue)
-	[wheezy] - liblouis <no-dsa> (Minor issue)
+	[wheezy] - liblouis <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334
 	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
 CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
@@ -7184,14 +7184,14 @@
 	- liblouis 3.3.0-1 (low; bug #874302)
 	[stretch] - liblouis <no-dsa> (Minor issue)
 	[jessie] - liblouis <no-dsa> (Minor issue)
-	[wheezy] - liblouis <no-dsa> (Minor issue)
+	[wheezy] - liblouis <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306
 	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
 CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two ...)
 	- liblouis 3.3.0-1 (low; bug #874302)
 	[stretch] - liblouis <no-dsa> (Minor issue)
 	[jessie] - liblouis <no-dsa> (Minor issue)
-	[wheezy] - liblouis <no-dsa> (Minor issue)
+	[wheezy] - liblouis <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299
 	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
 CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in ...)

More information about the Secure-testing-commits mailing list