[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-9085 as fixed in 0.5.1-3
Adrian Bunk (@bunk)
bunk at debian.org
Mon Jun 5 14:32:29 BST 2023
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abee656d by Adrian Bunk at 2023-06-05T16:31:00+03:00
Mark CVE-2016-9085 as fixed in 0.5.1-3
0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3
looks exactly like the upstream fix included in 0.5.2
CVE-2016-8888 is now marked as RESERVED, I'm assuming any
confusion was around this CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -428966,14 +428966,12 @@ CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS 20161
CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS 20161110T ...)
NOT-FOR-US: Joyent SmartOS
CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have unspeci ...)
- - libwebp <unfixed> (unimportant; bug #842714)
+ - libwebp 0.5.1-3 (unimportant; bug #842714)
[wheezy] - libwebp <not-affected> (vulnerable code not present)
NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
NOTE: Origin of the file seems to be from libav
- NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches
- NOTE: look different, needs further investigation before marking as fixed
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 m ...)
- linux 4.8.11-1
[jessie] - linux 3.16.39-1
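Review bot: In the CVE-2016-9085 entry, the two removed NOTE lines ("0.5.1-3 claims the upload fixed ... needs further investigation before marking as fixed") are dropped without a replacement, so the reason the earlier doubt was resolved now exists only in the commit message. Consider adding a NOTE under the entry stating that the Debian patch 0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3 was compared with the upstream fix included in 0.5.2 and found to match, and that the CVE-2016-8888 id mentioned by the upload is now RESERVED. That keeps the justification for changing `<unfixed>` to `0.5.1-3` visible to anyone reading data/CVE/list later.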
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abee656d754f90707ce822a3f286105036b33d6e