Author: jmm
Date: 2017-01-18 08:05:53 +0000 (Wed, 18 Jan 2017)
New Revision: 48145
Modified: data/CVE/list Log: initial jasper triage xrdp, groovy no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-18 06:58:42 UTC (rev 48144) +++ data/CVE/list 2017-01-18 08:05:53 UTC (rev 48145) @@ -305,14 +305,17 @@ RESERVED - jasper <removed> NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c + NOTE: https://github.com/mdadams/jasper/issues/88 CVE-2017-5504 RESERVED - jasper <removed> NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c + NOTE: https://github.com/mdadams/jasper/issues/89 CVE-2017-5503 RESERVED - jasper <removed> NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c + NOTE: https://github.com/mdadams/jasper/issues/90 CVE-2017-5502 RESERVED - jasper <removed> @@ -325,9 +328,11 @@ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ CVE-2017-5500 RESERVED - - jasper <removed> + - jasper <removed> (unimportant) + NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ + NOTE: https://github.com/mdadams/jasper/issues/64 CVE-2017-5499 RESERVED - jasper <removed> 
@@ -335,9 +340,11 @@ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ CVE-2017-5498 RESERVED - - jasper <removed> + - jasper <removed> (unimportant) + NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/ + NOTE: https://github.com/mdadams/jasper/issues/62 CVE-2017-5506 [double free in profile] RESERVED - imagemagick <unfixed> (bug #851383) @@ -21417,7 +21424,9 @@ CVE-2016-6814 RESERVED - groovy 2.4.8-1 (bug #851408) + [jessie] - groovy <no-dsa> (Minor issue) - groovy2 <removed> + [jessie] - groovy2 <no-dsa> (Minor issue) CVE-2016-6813 RESERVED CVE-2016-6812 @@ -111310,6 +111319,7 @@ - telepathy-gabble 0.16.6-1 CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully logging ...) - xrdp 0.9.1~2016121126+git5171fa7-1 + [jessie] - xrdp <no-dsa> (Minor issue) NOTE: https://github.com/neutrinolabs/xrdp/pull/497 NOTE: When successfully logging in using RDP into a xrdp session, the file NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
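Review bot: In the CVE-2017-5500 hunk (@@ -325,9 +328,11 @@), the added rationale "Triggers an assert" does not line up with the reproducer name 00019-jasper-leftshift-jpc_dec_c or the linked ubsan post, which both point at a left shift rather than an assertion. Suggest the NOTE state how the two relate and where the assert sits, so the (unimportant) tag can be rechecked against issue 64 later. "hardly denial of service" would also read better as a plain statement of what the crash is limited to.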
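Review bot: In the CVE-2017-5498 hunk (@@ -335,9 +340,11 @@), the rationale NOTE is a verbatim copy of the one added for CVE-2017-5500, although this reproducer (00017-jasper-leftshift-jas_math_h) is in a different file from that entry's (jpc_dec_c). Suggest confirming the assert claim was checked against this reproducer on its own and wording the NOTE for this entry specifically, since (unimportant) removes it from further tracking.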
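Review bot: In the CVE-2016-6814 hunk (@@ -21417,7 +21424,9 @@), both added [jessie] lines give only "(Minor issue)" and the entry has no NOTE and no description beyond RESERVED, so nothing in the tracker records why groovy and groovy2 are no-dsa in jessie. Suggest adding a NOTE with the reasoning or a reference next to the existing bug #851408 line.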
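Review bot: In the CVE-2013-1430 hunk (@@ -111310,6 +111319,7 @@), the added [jessie] no-dsa line says only "(Minor issue)" while the NOTE lines directly below describe a file named ~/.vnc/sesman_${username}_passwd being created at login. For an entry about a password file the reason for no-dsa should be explicit; suggest replacing the generic text with the actual limiting factor, or adding a NOTE that states it.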