[Secure-testing-commits] r55982 - in data: CVE DLA DSA

Thu Sep 21 20:38:10 UTC 2017

Author: pochu
Date: 2017-09-21 20:38:10 +0000 (Thu, 21 Sep 2017)
New Revision: 55982

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
Log:
mark CVE-2016-8729/jbig2dec as fixed in 0.13-4 and related security updates. the upstream fix for CVE-2016-9601 also fixed this

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-21 19:56:56 UTC (rev 55981)
+++ data/CVE/list	2017-09-21 20:38:10 UTC (rev 55982)
@@ -43867,7 +43867,8 @@
 	RESERVED
 CVE-2016-8729
 	RESERVED
-	- jbig2dec <unfixed> (bug #863886)
+	{DSA-3817-1 DLA-874-1}
+	- jbig2dec 0.13-4 (bug #863886)
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
 	NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-09-21 19:56:56 UTC (rev 55981)
+++ data/DLA/list	2017-09-21 20:38:10 UTC (rev 55982)
@@ -684,7 +684,7 @@
 	{CVE-2016-7478 CVE-2016-7479 CVE-2017-7272}
 	[wheezy] - php5 5.4.45-0+deb7u8
 [27 Mar 2017] DLA-874-1 jbig2dec - security update
-	{CVE-2016-9601}
+	{CVE-2016-9601 CVE-2016-8729}
 	[wheezy] - jbig2dec 0.13-4~deb7u1
 [27 Mar 2017] DLA-873-1 apt-cacher - security update
 	{CVE-2017-7443}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2017-09-21 19:56:56 UTC (rev 55981)
+++ data/DSA/list	2017-09-21 20:38:10 UTC (rev 55982)
@@ -572,7 +572,7 @@
 	{CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843 CVE-2017-5848}
 	[jessie] - gst-plugins-bad1.0 1.4.4-2.1+deb8u2
 [24 Mar 2017] DSA-3817-1 jbig2dec - security update
-	{CVE-2016-9601}
+	{CVE-2016-9601 CVE-2016-8729}
 	[jessie] - jbig2dec 0.13-4~deb8u1
 [23 Mar 2017] DSA-3816-1 samba - security update
 	{CVE-2017-2619}


