[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] gdk-pixbuf DSA

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb3fb2f4 by Moritz Muehlenhoff at 2018-01-15T19:53:21+01:00
gdk-pixbuf DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47276,23 +47276,26 @@ CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.
 	- virglrenderer 0.6.0-1 (bug #858255)
 	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
 CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
-	- gdk-pixbuf <unfixed> (bug #856448)
-	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	- gdk-pixbuf <unfixed> (low; bug #856448)
+	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+	[jessie] - gdk-pixbuf <ignored> (Minor issue)
 	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
 CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in ...)
-	- gdk-pixbuf <unfixed> (bug #856445)
-	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	- gdk-pixbuf <unfixed> (low; bug #856445)
+	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+	[jessie] - gdk-pixbuf <ignored> (Minor issue)
 	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
 	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
 	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
 CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent ...)
-	- gdk-pixbuf <unfixed> (bug #856444)
-	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
+	- gdk-pixbuf <unfixed> (low; bug #856444)
+	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+	[jessie] - gdk-pixbuf <ignored> (Minor issue)
 	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
 	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html


=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[15 Jan 2018] DSA-4088-1 gdk-pixbuf - security update
+	{CVE-2017-1000422}
+	[jessie] - gdk-pixbuf 2.31.1-2+deb8u7
+	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
 [14 Jan 2018] DSA-4087-1 transmission - security update
 	{CVE-2018-5702}
 	[jessie] - transmission 2.84-0.2+deb8u1


=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,8 +18,6 @@ awstats (Abhijith)
 --
 chromium-browser/stable
 --
-gdk-pixbuf (jmm)
---
 graphicsmagick
 --
 imagemagick/oldstable (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb3fb2f451f1fbabeb80a951f13dcea39e58eda0

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb3fb2f451f1fbabeb80a951f13dcea39e58eda0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180115/3458d194/attachment-0001.html>