[Git][security-tracker-team/security-tracker][master] CVE-2017-2870 and CVE-2017-6311 in gdk-pixbuf are not affecting stretch

Adrian Bunk (@bunk) bunk at debian.org
Mon Dec 27 05:25:11 GMT 2021 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e32ab4a by Adrian Bunk at 2021-12-27T07:24:08+02:00
CVE-2017-2870 and CVE-2017-6311 in gdk-pixbuf are not affecting stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -295145,6 +295145,7 @@ CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-depende
 	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
 CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...)
 	- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
+	[stretch] - gdk-pixbuf <not-affected> (thumbnailer not installed before 2.36.5-3)
 	[jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
 	[wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
@@ -305803,6 +305804,7 @@ CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used
 CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...)
 	{DLA-2043-1}
 	- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
+	[stretch] - gdk-pixbuf <not-affected> (Built with GCC in Debian)
 	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e32ab4a21ad8d735ce497f4b91973017d1e4f4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e32ab4a21ad8d735ce497f4b91973017d1e4f4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211227/6425451a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list