[Secure-testing-commits] r46960 - data/CVE

Thorsten Alteholz Sat, 10 Dec 2016 14:08:13 -0800

Author: alteholz
Date: 2016-12-10 22:07:41 +0000 (Sat, 10 Dec 2016)
New Revision: 46960


Modified:
   data/CVE/list
Log:
workaround for jasper temporary entry

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-12-10 22:04:01 UTC (rev 46959)
+++ data/CVE/list       2016-12-10 22:07:41 UTC (rev 46960)
@@ -10580,6 +10580,8 @@
        NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
 CVE-2016-XXXX [heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c)]
        - jasper <removed>
+       [wheezy] - jasper 1.900.1-13+deb7u5
+       NOTE: Workaround entry for DLA-739-1 until CVE is assigned
        NOTE: Fixed by: 
https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568
 (version-1.900.12)
        NOTE: 
https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
        NOTE: Reproducer: 
https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r46960 - data/CVE

Reply via email to