[Secure-testing-commits] r57182 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Oct 31 21:52:24 UTC 2017


Author: jmm
Date: 2017-10-31 21:52:24 +0000 (Tue, 31 Oct 2017)
New Revision: 57182

Modified:
   data/CVE/list
Log:
two openjpeg issues n/a for jessie


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-31 21:41:42 UTC (rev 57181)
+++ data/CVE/list	2017-10-31 21:52:24 UTC (rev 57182)
@@ -5858,6 +5858,7 @@
 	NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
 CVE-2017-14151 (An off-by-one error was discovered in ...)
 	- openjpeg2 2.3.0-1 (bug #874430)
+	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874430)
 	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
@@ -6900,6 +6901,7 @@
 	NOTE: https://github.com/uclouvain/openjpeg/issues/792
 CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
 	- openjpeg2 2.2.0-1 (bug #874113)
+	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874113)
 	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
 	NOTE: https://github.com/uclouvain/openjpeg/issues/835
 CVE-2017-13753




More information about the Secure-testing-commits mailing list