[Secure-testing-commits] r56319 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Sun Oct 1 11:15:10 UTC 2017
Author: agx
Date: 2017-10-01 11:15:10 +0000 (Sun, 01 Oct 2017)
New Revision: 56319
Modified:
data/CVE/list
Log:
libvorbis: mark jessie and wheezy as not affected by CVE-2017-14632
The check for vi->channels<=0 was introduced upstream in
4b67376da7ded7f16dfebb8a05fb559ac7fbcf55 and not checking it would only
result in _vorbis_pack_info writing out this information.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-01 10:32:48 UTC (rev 56318)
+++ data/CVE/list 2017-10-01 11:15:10 UTC (rev 56319)
@@ -821,6 +821,8 @@
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...)
- libvorbis <unfixed> (bug #876779)
+ [jessie] - libvorbis <not-affected> (Vulnerable code not present)
+ [wheezy] - libvorbis <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328
NOTE: https://github.com/xiph/vorbis/issues/29
CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an ...)
More information about the Secure-testing-commits
mailing list