[Secure-testing-commits] r37734 - data/CVE

Salvatore Bonaccorso Tue, 17 Nov 2015 06:35:39 -0800

Author: carnil
Date: 2015-11-17 14:34:01 +0000 (Tue, 17 Nov 2015)
New Revision: 37734


Modified:
   data/CVE/list
Log:
Update CVE-2015-8106/latex2rtf

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-11-17 14:33:52 UTC (rev 37733)
+++ data/CVE/list       2015-11-17 14:34:01 UTC (rev 37734)
@@ -241,12 +241,13 @@
        [squeeze] - a2ps <no-dsa> (Minor issue)
 CVE-2015-8106 [format string vulnerability]
        RESERVED
-       - latex2rtf <unfixed>
+       - latex2rtf <unfixed> (unimportant)
        [wheezy] - latex2rtf <not-affected> (Vulnerable code introduced later)
        [squeeze] - latex2rtf <not-affected> (Vulnerable code introduced later)
        NOTE: keywords command support introduced in 
http://sourceforge.net/p/latex2rtf/code/1152
        NOTE: 
http://sourceforge.net/p/latex2rtf/code/1152/tree//trunk/funct1.c?diff=50900fed34309d3c639c868f:1151
        NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
+       NOTE: Rendered non-exploitable by toolchain hardening
 CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) 
png_get_PLTE ...)
        - libpng <unfixed> (bug #805113)
        NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r37734 - data/CVE

Reply via email to