[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-18009/opencv as unfixed for unstable

Sun Apr 21 07:11:31 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e91f93d by Salvatore Bonaccorso at 2019-04-21T06:09:57Z
Mark CVE-2017-18009/opencv as unfixed for unstable

The checks in modules/imgcodecs/src/grfmt_hdr.cpp in 3.2.0+dfsg-6 are
still the same as before the patch in
https://github.com/opencv/opencv/commit/4ca89db22dea962690f31c1781bce5937ee91837
and the vulnerable code seems introduced prior to the version currently
in unstable.

Check: Is there are reason it would not affect yet 3.2.0+dfsg-1 onwards?

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72781,7 +72781,7 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin befor
 	NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress
 CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function  ...)
 	[experimental] - opencv 3.4.4+dfsg-1~exp1
-	- opencv 3.2.0+dfsg-6 (bug #924884)
+	- opencv <unfixed> (bug #924884)
 	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
 	[jessie] - opencv <not-affected> (Vulnerable code introduced later)
 	[wheezy] - opencv <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e91f93dc14d2e6f6dbf05388eb32cd79c864f35

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e91f93dc14d2e6f6dbf05388eb32cd79c864f35
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190421/ff6e1a80/attachment.html>
