[Secure-testing-commits] r55679 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 12 08:15:55 UTC 2017
Author: carnil
Date: 2017-09-12 08:15:55 +0000 (Tue, 12 Sep 2017)
New Revision: 55679
Modified:
data/CVE/list
Log:
Clarify note for CVE-2017-14103
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-12 06:37:35 UTC (rev 55678)
+++ data/CVE/list 2017-09-12 08:15:55 UTC (rev 55679)
@@ -591,8 +591,8 @@
NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in ...)
- graphicsmagick 1.3.26-8
- [stretch] - graphicsmagick <not-affected> (Incomplete fix not applied)
- [jessie] - graphicsmagick <not-affected> (Incomplete fix not applied)
+ [stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
+ [jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
More information about the Secure-testing-commits
mailing list