Author: bam Date: 2016-02-12 00:11:23 +0000 (Fri, 12 Feb 2016) New Revision: 39618
Modified: data/CVE/list Log: dcraw dcraw not affected by CVE-2015-8367, as vulnerability is in C++ code, and dcraw is C only. dcraw 8.99-1+b1 in squeeze and wheezy looks safe from CVE-2015-8366. dcraw 9.21-0.2+b2 in jessie and sid appears to be vulnerable to CVE-2015-8366. Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-02-11 22:13:40 UTC (rev 39617) +++ data/CVE/list 2016-02-12 00:11:23 UTC (rev 39618) @@ -7131,7 +7131,7 @@ [jessie] - libraw 0.16.0-9+deb8u2 [wheezy] - libraw <not-affected> (Vulnerable code not present) [squeeze] - libraw <not-affected> (Vulerable code not present) - - dcraw <undetermined> + - dcraw <not-affected> (Vulerable code not present) - kodi <undetermined> - darktable 2.0.0-1 [jessie] - darktable <not-affected> (vulerable code not present) @@ -7150,7 +7150,9 @@ [jessie] - libraw 0.16.0-9+deb8u2 [wheezy] - libraw <not-affected> (Vulnerable code not present) [squeeze] - libraw <not-affected> (Vulnerable code not present) - - dcraw <undetermined> + [squeeze] - dcraw <not-affected> (Vulnerable code not present) + [wheezy] - dcraw <not-affected> (Vulnerable code not present) + [jessie] - dcraw <unfixed> - kodi <undetermined> - darktable 2.0.0-1 [jessie] - darktable <not-affected> (vulerable code not present) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits