Author: carnil Date: 2016-10-23 11:12:14 +0000 (Sun, 23 Oct 2016) New Revision: 45526
Modified: data/CVE/list Log: Update entries for CVE-2016-888{4,5}/jasper Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-10-23 11:08:58 UTC (rev 45525) +++ data/CVE/list 2016-10-23 11:12:14 UTC (rev 45526) @@ -20,6 +20,12 @@ NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root] - sendmail <unfixed> (bug #841257) +CVE-2016-8885 + - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied) + NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690 +CVE-2016-8884 + - jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied) + NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690 CVE-2016-8883 [assert in jpc_dec_tiledecode()] - jasper <unfixed> NOTE: https://github.com/mdadams/jasper/issues/32 @@ -156,6 +162,8 @@ - jasper <unfixed> (bug #841112) NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/ + NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and + NOTE: CVE-2016-8885. CVE-2016-8689 RESERVED {DLA-661-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits