Author: carnil
Date: 2017-04-17 18:42:33 +0000 (Mon, 17 Apr 2017)
New Revision: 50730

Modified:
   data/CVE/list
Log:
Correct affected versions for CVE-2017-7864

CFF2 support introduced in 2.7.1 only, as such the issue appears only
from 2.7.1 onwards. Mark as correctly noted for the wheezy triage, and
mark freetype as not-affected for all suites (experimental still tracked
via the BTS bug #860313)

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-17 17:34:35 UTC (rev 50729)
+++ data/CVE/list       2017-04-17 18:42:33 UTC (rev 50730)
@@ -72,8 +72,7 @@
        - libav <undetermined>
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
 CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused 
by a ...)
-       - freetype <unfixed> (bug #860313)
-       [wheezy] - freetype <not-affected> (CFF2 support was introduced later)
+       - freetype <not-affected> (Vulnerable code not present; CFF2 support 
introduced in 2.7.1, cf #860313)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
 CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a 
...)
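
Review bot: On the added `- freetype <not-affected>` line, the only record that 2.7.1 and later are vulnerable is the free-text parenthesis, and the bug reference has gone from `(bug #860313)` to an informal `cf #860313`. The log message says experimental is still tracked via #860313, so consider adding a separate NOTE line stating that the vulnerable CFF2 code is present from 2.7.1 onwards. That way anyone triaging a later upload of 2.7.1 or newer to unstable sees that this entry needs revisiting. Folding the `[wheezy]` line into the general entry looks fine, since the same reason now applies to every suite.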


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
