[Secure-testing-commits] r55409 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Sep 3 12:58:01 UTC 2017


Author: carnil
Date: 2017-09-03 12:58:01 +0000 (Sun, 03 Sep 2017)
New Revision: 55409

Modified:
   data/CVE/list
Log:
Triage CVE-2016-10507, not-affected for jessie

In v2.1.0 with commit 33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 there was
BMP format input support updated introducing the vulnerable code.

Note for reviewers: Still please double-check.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-03 12:43:47 UTC (rev 55408)
+++ data/CVE/list	2017-09-03 12:58:01 UTC (rev 55409)
@@ -846,7 +846,9 @@
 	RESERVED
 CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...)
 	- openjpeg2 2.1.2-1
-	NOTE: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
+	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1)
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/833
 CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...)
 	- openjpeg2 <unfixed> (unimportant)
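
Review bot: the version tag on the added "Introduced by:" NOTE reads (v2.1.1), while the commit log states that commit 33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 arrived in v2.1.0; the two should agree so the jessie <not-affected> rationale can be checked against a single upstream version. The "(Vulnerable code introduced later)" reason would also be easier to verify if a NOTE recorded which openjpeg2 version jessie ships, since the triage depends on that version predating the introducing commit.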



