[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2017-12447/gdk-pixbuf
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 13 15:51:51 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
794555b7 by Salvatore Bonaccorso at 2019-03-13T15:48:58Z
Add fixed version for CVE-2017-12447/gdk-pixbuf
Whilest the CVE-2017-12447 issue is not the same as the CVE-2015-7552
("Heap-based buffer overflow in the gdk_pixbuf_flip function") issue,
the jessie-security upload back in 2016 as uploaded as 2.31.1-2+deb8u5
did contain additional patches.
* bmp: Reject impossible palette size
correspond respectively to the later assigned CVE-2017-12447 issue,
fixed upstream by commit
https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990
..
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -93378,6 +93378,7 @@ CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File .
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
CVE-2017-12447 (GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus ...)
- gdk-pixbuf 2.34.0-1
+ [jessie] - gdk-pixbuf 2.31.1-2+deb8u5
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785979
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2)
CVE-2017-12446
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/794555b7902171f7cc955e87db897f54675f80f6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/794555b7902171f7cc955e87db897f54675f80f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190313/7ba079b7/attachment.html>
More information about the debian-security-tracker-commits
mailing list