Author: hle Date: 2017-09-07 16:47:53 +0000 (Thu, 07 Sep 2017) New Revision: 55545
Modified: data/CVE/list Log: Mark CVE-2017-9991 <not-affected> in wheezy & jessie. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-07 16:40:00 UTC (rev 55544) +++ data/CVE/list 2017-09-07 16:47:53 UTC (rev 55545) @@ -9910,9 +9910,11 @@ NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360 CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in ...) - ffmpeg 7:3.2.5-1 - - libav <undetermined> - [wheezy] - libav <not-affected> (Vulnerable code not present) + - libav <not-affected> (Vulnerable feature not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06 + NOTE: The error occurs in the support for 8bpp XWD images where bpp and image + NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp + NOTE: images and bails out early -- Diego Biurrun (libav project) CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in ...) - ffmpeg <not-affected> (Vulnerable code not present) - libav <not-affected> (Vulnerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits