[Secure-testing-commits] r55487 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Sep 5 21:25:26 UTC 2017
Author: jmm
Date: 2017-09-05 21:25:26 +0000 (Tue, 05 Sep 2017)
New Revision: 55487
Modified:
data/CVE/list
Log:
new openjpeg issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-05 21:23:59 UTC (rev 55486)
+++ data/CVE/list 2017-09-05 21:25:26 UTC (rev 55487)
@@ -18,9 +18,15 @@
CVE-2017-14153
RESERVED
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
- TODO: check
+ - openjpeg2 <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
+ NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
+ NOTE: https://github.com/uclouvain/openjpeg/issues/985
CVE-2017-14151 (An off-by-one error was discovered in ...)
- TODO: check
+ - openjpeg2 <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
+ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
+ NOTE: https://github.com/uclouvain/openjpeg/issues/982
CVE-2017-1000249 [stack based buffer overflow]
{DSA-3965-1}
- file 1:5.32-1
More information about the Secure-testing-commits
mailing list