[Secure-testing-commits] r58136 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Thu Nov 30 10:28:05 UTC 2017
Author: agx
Date: 2017-11-30 10:28:05 +0000 (Thu, 30 Nov 2017)
New Revision: 58136
Modified:
data/CVE/list
Log:
lts: CVE-2017-12596 was fixed by DLA-1083-1 as well
The patches added checks that address this CVE as well. See
https://github.com/openexr/openexr/issues/238
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-30 09:10:14 UTC (rev 58135)
+++ data/CVE/list 2017-11-30 10:28:05 UTC (rev 58136)
@@ -14654,6 +14654,7 @@
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
- openexr <unfixed> (bug #877352)
+ [wheezy] - openexr 1.6.1-6+deb7u1
NOTE: https://github.com/openexr/openexr/issues/238
NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...)
More information about the Secure-testing-commits
mailing list