[Git][security-tracker-team/security-tracker][master] CVE-2016-3977 was made reopened by a NMU 5.1.4-0.4

Salvatore Bonaccorso carnil at debian.org
Tue Jun 5 19:35:26 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78aeb3a0 by Salvatore Bonaccorso at 2018-06-05T20:32:14+02:00
CVE-2016-3977 was made reopened by a NMU 5.1.4-0.4

Apparently the update claimed that the patch is already upstream, but
this is missleading: the patch still was applied to fix the issue in
5.1.4-0.3.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -101792,11 +101792,14 @@ CVE-2016-3981 (Heap-based buffer overflow in the bmp_read_rows function in pngxr
 	- optipng 0.7.6-1
 	NOTE: https://sourceforge.net/p/optipng/bugs/56/
 CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib ...)
-	- giflib 5.1.4-0.3 (bug #820526)
+	- giflib <unfixed> (bug #820526)
 	[jessie] - giflib <no-dsa> (Minor issue)
 	[wheezy] - giflib <no-dsa> (minor issue)
 	NOTE: https://sourceforge.net/p/giflib/bugs/87/
 	NOTE: https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
+	NOTE: The issue was originally fixed in  5.1.4-0.3 but then the NMU upload
+	NOTE: 5.1.4-0.4 just dropped the patch claiming the patch was already present
+	NOTE: which is untrue and reopening the issue.
 CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) ...)
 	NOT-FOR-US: McAfee Email Gateway
 CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78aeb3a0478016962bd11009086b6f19f2c3f527

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78aeb3a0478016962bd11009086b6f19f2c3f527
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180605/95dfa498/attachment.html>

More information about the debian-security-tracker-commits mailing list