Author: alteholz
Date: 2015-12-22 21:37:54 +0000 (Tue, 22 Dec 2015)
New Revision: 38482
Modified:
data/CVE/list
Log:
for libpng we already have the complete patch set in Squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-22 21:10:12 UTC (rev 38481)
+++ data/CVE/list 2015-12-22 21:37:54 UTC (rev 38482)
@@ -3328,6 +3328,7 @@
CVE-2015-8472 [Incomplete fix for CVE-2015-8126]
RESERVED
- libpng <unfixed> (bug #807112)
+ [squeeze] - libpng <not-affected> (CVE-2015-8472 was assigned after it
was discovered that initial patch was incomplete. libpng as shipped in Squeeze
is not affected by this CVE, since we've already applied complete patch to fix
the original issue.)
NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2)
png_get_PLTE ...)
{DSA-3399-1 DLA-343-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
