[Secure-testing-commits] r56746 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Oct 16 11:17:19 UTC 2017
Author: carnil
Date: 2017-10-16 11:17:18 +0000 (Mon, 16 Oct 2017)
New Revision: 56746
Modified:
data/CVE/list
Log:
Three openjpeg2 issues fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-16 11:06:13 UTC (rev 56745)
+++ data/CVE/list 2017-10-16 11:17:18 UTC (rev 56746)
@@ -3386,7 +3386,7 @@
CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...)
- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
- - openjpeg2 <unfixed> (bug #874431)
+ - openjpeg2 2.3.0-1 (bug #874431)
NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
NOTE: https://github.com/uclouvain/openjpeg/issues/985
@@ -3395,7 +3395,7 @@
NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
CVE-2017-14151 (An off-by-one error was discovered in ...)
- - openjpeg2 <unfixed> (bug #874430)
+ - openjpeg2 2.3.0-1 (bug #874430)
NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
NOTE: https://github.com/uclouvain/openjpeg/issues/982
@@ -4652,7 +4652,7 @@
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...)
- - openjpeg2 <unfixed> (bug #874115)
+ - openjpeg2 2.3.0-1 (bug #874115)
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
NOTE: https://github.com/uclouvain/openjpeg/issues/997
More information about the Secure-testing-commits
mailing list