Author: alteholz
Date: 2016-11-26 21:47:15 +0000 (Sat, 26 Nov 2016)
New Revision: 46586

Modified:
   data/CVE/list
Log:
take care of some jasper issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-11-26 20:02:32 UTC (rev 46585)
+++ data/CVE/list       2016-11-26 21:47:15 UTC (rev 46586)
@@ -547,6 +547,7 @@
 CVE-2016-9557 [signed integer overflow in jas_image.c]
        RESERVED
        - jasper <removed>
+       [wheezy] - jasper <no-dsa> (the fix is too invasive)
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
 CVE-2016-9555 [net/sctp: slab-out-of-bounds in sctp_sf_ootb]
@@ -1457,6 +1458,7 @@
 CVE-2016-9262 [use after free in jas_realloc (jas_malloc.c)]
        RESERVED
        - jasper <removed>
+       [wheezy] - jasper <no-dsa> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
        NOTE: 
https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
 CVE-2016-9258
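Review bot: on the added CVE-2016-9262 wheezy line, the state `<no-dsa>` conflicts with its own reason, "Vulnerable code introduced later". If the wheezy version predates the vulnerable code, the entry should read `[wheezy] - jasper <not-affected> (Vulnerable code introduced later)`, because `<no-dsa>` records the release as affected but not worth an advisory.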
@@ -2857,6 +2859,7 @@
        RESERVED
        - jasper <removed> (low)
        [jessie] - jasper <no-dsa> (Minor issue)
+       [wheezy] - jasper <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
 CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
        - sendmail <unfixed> (bug #841257)
@@ -2884,10 +2887,12 @@
 CVE-2016-8881 [Heap overflow in jpc_getuint16()]
        RESERVED
        - jasper <removed>
+       [wheezy] - jasper <no-dsa> (no patch available for just this issue)
        NOTE: https://github.com/mdadams/jasper/issues/29
 CVE-2016-8880 [Heap overflow in jpc_dec_cp_setfromcox()]
        RESERVED
        - jasper <removed>
+       [wheezy] - jasper <no-dsa> (no patch available for just this issue)
        NOTE: https://github.com/mdadams/jasper/issues/28
 CVE-2016-8866 [memory allocation failure in AcquireMagickMemory (memory.c) 
(incomplete fix for CVE-2016-8862)]
        RESERVED
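Review bot: the reason on both added wheezy lines (CVE-2016-8881 and CVE-2016-8880), "no patch available for just this issue", implies a fix exists only as part of a larger change, yet the NOTE lines under each entry reference only the upstream issue. Consider adding a NOTE that identifies that larger change, so the no-dsa decision can be revisited if an isolated patch becomes available.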

