[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-9085 as fixed in 0.5.1-3

Adrian Bunk (@bunk) bunk at debian.org
Mon Jun 5 14:32:29 BST 2023



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
abee656d by Adrian Bunk at 2023-06-05T16:31:00+03:00
Mark CVE-2016-9085 as fixed in 0.5.1-3

0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3
looks exactly like the upstream fix included in 0.5.2

CVE-2016-8888 is now marked as RESERVED, I'm assuming any
confusion was around this CVE.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -428966,14 +428966,12 @@ CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS 20161
 CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
 	NOT-FOR-US: Joyent SmartOS
 CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have unspeci ...)
-	- libwebp <unfixed> (unimportant; bug #842714)
+	- libwebp 0.5.1-3 (unimportant; bug #842714)
 	[wheezy] - libwebp <not-affected> (vulnerable code not present)
 	NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
 	NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
 	NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
 	NOTE: Origin of the file seems to be from libav
-	NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches
-	NOTE: look different, needs further investigation before marking as fixed
 CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 m ...)
 	- linux 4.8.11-1
 	[jessie] - linux 3.16.39-1
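Review bot: The two removed NOTE lines under CVE-2016-9085 recorded why the entry stayed at <unfixed>, and the hunk drops them without leaving the outcome of that investigation in data/CVE/list. The reasoning for accepting 0.5.1-3 lives only in the commit message, so someone reading the tracker entry later cannot see which Debian patch was compared with upstream. Consider replacing the removed lines with a single NOTE, for example `NOTE: 0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3 matches the upstream fix included in 0.5.2`, so the entry itself records which patch the fixed version rests on.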



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abee656d754f90707ce822a3f286105036b33d6e
