[Secure-testing-commits] r57184 - in data: . CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Oct 31 21:59:11 UTC 2017
Author: jmm
Date: 2017-10-31 21:59:11 +0000 (Tue, 31 Oct 2017)
New Revision: 57184
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
openjpeg2 DSA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-31 21:54:23 UTC (rev 57183)
+++ data/CVE/list 2017-10-31 21:59:11 UTC (rev 57184)
@@ -5858,6 +5858,7 @@
NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
CVE-2017-14151 (An off-by-one error was discovered in ...)
- openjpeg2 2.3.0-1 (bug #874430)
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u2
[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874430)
NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
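Review bot: the [stretch] line added under CVE-2017-14151 carries 2.1.2-1.1+deb9u2, the same stretch version as the DSA-4013-1 entry added to data/DSA/list in this revision, but that entry's CVE set names CVE-2017-14152 and not CVE-2017-14151. Please check whether the adjacent id in the DSA braces is the intended one, or whether CVE-2017-14151 should be listed there as well.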
@@ -6901,6 +6902,7 @@
NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
- openjpeg2 2.2.0-1 (bug #874113)
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u2
[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874113)
NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
NOTE: https://github.com/uclouvain/openjpeg/issues/835
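Review bot: CVE-2016-10504 is marked fixed in stretch by the added "[stretch] - openjpeg2 2.1.2-1.1+deb9u2" line, yet the id is absent from the CVE set of DSA-4013-1 in the data/DSA/list hunk. If the fix shipped with that upload, add the id to the DSA braces so the advisory and the tracker agree; if it did not, a NOTE stating where the stretch fix came from would help.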
@@ -61412,6 +61414,7 @@
CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function in ...)
{DSA-3660-1}
- openjpeg2 2.1.2-1
+ [jessie] - openjpeg2 2.1.0-2+deb8u3
- chromium-browser 53.0.2785.89-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
NOTE: http://www.openwall.com/lists/oss-security/2016/09/08/8
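Review bot: the added "[jessie] - openjpeg2 2.1.0-2+deb8u3" line under CVE-2016-5157 matches the jessie version of DSA-4013-1, but the entry is tagged only {DSA-3660-1} and CVE-2016-5157 is not in the DSA-4013-1 CVE set. A reader of this entry cannot tell which advisory delivered the jessie openjpeg2 fix; either list the CVE under DSA-4013-1 or add a NOTE naming the source of the fix.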
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2017-10-31 21:54:23 UTC (rev 57183)
+++ data/DSA/list 2017-10-31 21:59:11 UTC (rev 57184)
@@ -1,3 +1,7 @@
+[31 Oct 2017] DSA-4013-1 openjpeg2 - security update
+ {CVE-2016-1628 CVE-2016-5152 CVE-2016-9118 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14152}
+ [jessie] - openjpeg2 2.1.0-2+deb8u3
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u2
[31 Oct 2017] DSA-4012-1 libav - security update
{CVE-2015-8365 CVE-2017-7208 CVE-2017-7862 CVE-2017-9992}
[jessie] - libav 6:11.11-1~deb8u1
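Review bot: none of the seven CVE ids in the DSA-4013-1 braces has a matching change in the data/CVE/list hunks of this revision, which touch only CVE-2017-14151, CVE-2016-10504 and CVE-2016-5157. Please confirm that the per-release fixed versions for the seven listed ids are already recorded in data/CVE/list, or follow up with the [jessie] and [stretch] lines for them.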
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-10-31 21:54:23 UTC (rev 57183)
+++ data/dsa-needed.txt 2017-10-31 21:59:11 UTC (rev 57184)
@@ -36,8 +36,6 @@
--
openjdk-8/stable (jmm)
--
-openjpeg2 (jmm)
---
php-horde-image
--
php5