[Secure-testing-commits] r56746 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 16 11:17:19 UTC 2017


Author: carnil
Date: 2017-10-16 11:17:18 +0000 (Mon, 16 Oct 2017)
New Revision: 56746

Modified:
   data/CVE/list
Log:
Three openjpeg2 issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-16 11:06:13 UTC (rev 56745)
+++ data/CVE/list	2017-10-16 11:17:18 UTC (rev 56746)
@@ -3386,7 +3386,7 @@
 CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...)
 	- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
 CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
-	- openjpeg2 <unfixed> (bug #874431)
+	- openjpeg2 2.3.0-1 (bug #874431)
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
 	NOTE: https://github.com/uclouvain/openjpeg/issues/985
@@ -3395,7 +3395,7 @@
 	NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
 	NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
 CVE-2017-14151 (An off-by-one error was discovered in ...)
-	- openjpeg2 <unfixed> (bug #874430)
+	- openjpeg2 2.3.0-1 (bug #874430)
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
@@ -4652,7 +4652,7 @@
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
 CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...)
-	- openjpeg2 <unfixed> (bug #874115)
+	- openjpeg2 2.3.0-1 (bug #874115)
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
 	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
 	NOTE: https://github.com/uclouvain/openjpeg/issues/997




More information about the Secure-testing-commits mailing list