[Git][security-tracker-team/security-tracker][master] CVE-2016-8886,jasper: Clarify impact and status of issue.
Markus Koschany
apo at debian.org
Tue Nov 20 21:54:58 GMT 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10405196 by Markus Koschany at 2018-11-20T21:54:07Z
CVE-2016-8886,jasper: Clarify impact and status of issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -106552,6 +106552,9 @@ CVE-2016-8886 (The jas_malloc function in libjasper/base/jas_malloc.c in JasPer
[jessie] - jasper <no-dsa> (Minor issue)
[wheezy] - jasper <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
+ NOTE: The memory exhaustion has no real impact unless when jasper is compiled with ASAN.
+ NOTE: Without ASAN the failure is handled gracefully. In addition the fix is marked as experimental
+ NOTE: and not suitable for a backport.
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
- sendmail 8.15.2-7 (bug #841257)
[jessie] - sendmail 8.14.4-8+deb8u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1040519604f4fd98ba71632fd7f20fc160ce8806
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1040519604f4fd98ba71632fd7f20fc160ce8806
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181120/f0d2c7d4/attachment.html>
More information about the debian-security-tracker-commits
mailing list