Author: agx
Date: 2017-11-30 10:28:05 +0000 (Thu, 30 Nov 2017)
New Revision: 58136
Modified: data/CVE/list
Log:
lts: CVE-2017-12596 was fixed by DLA-1083-1 as well

The patches added checks that address this CVE as well. See https://github.com/openexr/openexr/issues/238

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-30 09:10:14 UTC (rev 58135) +++ data/CVE/list 2017-11-30 10:28:05 UTC (rev 58136) @@ -14654,6 +14654,7 @@ NOTE: https://github.com/opencv/opencv/issues/9309 CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) - openexr <unfixed> (bug #877352) + [wheezy] - openexr 1.6.1-6+deb7u1 NOTE: https://github.com/openexr/openexr/issues/238 NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...)
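Review bot: The added `[wheezy] - openexr 1.6.1-6+deb7u1` line under CVE-2017-12596 carries no pointer to why that version counts as fixed; the link to DLA-1083-1 and the statement that its patches "added checks that address this CVE as well" exist only in the commit log. The entry's description names OpenEXR 2.2.0 and the only fix reference in the list is the upstream commit NOTE, so a reader of data/CVE/list alone cannot tell that the wheezy fix came from patches shipped for a different advisory rather than from a backport of that commit. Consider adding a NOTE line to the entry that names DLA-1083-1 and says the wheezy patches add the relevant checks, next to the existing `NOTE: https://github.com/openexr/openexr/issues/238`, so the reasoning survives in the tracker data itself.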