Author: carnil Date: 2017-04-17 18:42:33 +0000 (Mon, 17 Apr 2017) New Revision: 50730
Modified: data/CVE/list Log: Correct affected versions for CVE-2017-7864 CFF2 support introduced in 2.7.1 only, as such the issue appear only from 2.7.1 onwards. Mark as correctly noted for the wheezy triage, and mark freetype as not-affected for all suites (experimental still tracked via the BTS bug #860313) Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-17 17:34:35 UTC (rev 50729) +++ data/CVE/list 2017-04-17 18:42:33 UTC (rev 50730) @@ -72,8 +72,7 @@ - libav <undetermined> NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a ...) - - freetype <unfixed> (bug #860313) - [wheezy] - freetype <not-affected> (CFF2 support was introduced later) + - freetype <not-affected> (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313) NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509 CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits