[Secure-testing-commits] r55545 - data/CVE

Hugo Lefeuvre Thu, 07 Sep 2017 09:48:33 -0700

Author: hle
Date: 2017-09-07 16:47:53 +0000 (Thu, 07 Sep 2017)
New Revision: 55545


Modified:
   data/CVE/list
Log:
Mark CVE-2017-9991 <not-affected> in wheezy & jessie.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-07 16:40:00 UTC (rev 55544)
+++ data/CVE/list       2017-09-07 16:47:53 UTC (rev 55545)
@@ -9910,9 +9910,11 @@
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
 CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in 
...)
        - ffmpeg 7:3.2.5-1
-       - libav <undetermined>
-       [wheezy] - libav <not-affected> (Vulnerable code not present)
+       - libav <not-affected> (Vulnerable feature not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
+       NOTE: The error occurs in the support for 8bpp XWD images where bpp and 
image
+       NOTE: depth are not checked thoroughly enough. Libav does not support 
8bpp
+       NOTE: images and bails out early -- Diego Biurrun (libav project)
 CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba 
function in ...)
        - ffmpeg <not-affected> (Vulnerable code not present)
        - libav <not-affected> (Vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r55545 - data/CVE

Reply via email to