Author: jmm
Date: 2017-01-13 00:21:40 +0000 (Fri, 13 Jan 2017)
New Revision: 47962

Modified:
   data/CVE/list
Log:
several openjpeg issues unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-12 23:50:19 UTC (rev 47961)
+++ data/CVE/list       2017-01-13 00:21:40 UTC (rev 47962)
@@ -13764,20 +13764,25 @@
        - openjpeg2 <unfixed> (bug #844557)
        NOTE: https://github.com/uclouvain/openjpeg/issues/861
 CVE-2016-9117 (NULL Pointer Access in function imagetopnm of 
convert.c(jp2):1289 in ...)
-       - openjpeg2 <unfixed> (bug #844556)
+       - openjpeg2 <unfixed> (unimportant; bug #844556)
        NOTE: https://github.com/uclouvain/openjpeg/issues/860
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-9116 (NULL Pointer Access in function imagetopnm of 
convert.c:2226(jp2) in ...)
-       - openjpeg2 <unfixed> (bug #844555)
+       - openjpeg2 <unfixed> (unimportant; bug #844555)
        NOTE: https://github.com/uclouvain/openjpeg/issues/859
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of 
convert.c(jp2):942 in ...)
-       - openjpeg2 <unfixed> (bug #844554)
+       - openjpeg2 <unfixed> (unimportant; bug #844554)
        NOTE: https://github.com/uclouvain/openjpeg/issues/858
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of ...)
-       - openjpeg2 <unfixed> (bug #844553)
+       - openjpeg2 <unfixed> (unimportant; bug #844553)
        NOTE: https://github.com/uclouvain/openjpeg/issues/857
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of 
...)
-       - openjpeg2 <unfixed> (bug #844552)
+       - openjpeg2 <unfixed> (unimportant; bug #844552)
        NOTE: https://github.com/uclouvain/openjpeg/issues/856
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
        - openjpeg2 <unfixed> (bug #844551)
        NOTE: https://github.com/uclouvain/openjpeg/issues/855
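Review bot: CVE-2016-9115 is described as a heap buffer over-read in imagetotga, yet it receives the same "No code injection, function only exposed in the CLI tool" NOTE as the NULL pointer entries around it. An over-read is a different bug class from a NULL dereference, so that entry's NOTE should say why an out-of-bounds read there is unimportant instead of reusing the shared wording. The hunk also leaves CVE-2016-9112 and the entry for bug #844557 at their previous severity with no explanation; a short NOTE on why they differ from the downgraded entries would help the next reader.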
@@ -18856,7 +18861,6 @@
        RESERVED
 CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
        - php7.0 7.0.12-1
-       - php5 <undetermined>
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
        NOTE: Fixed in 7.0.12
 CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, 
resizing ...)
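Review bot: the removal of "- php5 <undetermined>" under CVE-2016-7480 is not covered by the log message, which only mentions openjpeg, and it leaves no record in the list of why php5 is out of scope. If php5 was checked and found not to contain the affected code, an explicit "- php5 <not-affected>" entry with the reason would preserve that decision; otherwise this change belongs in its own commit or needs a line in the log.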
@@ -18956,9 +18960,10 @@
        NOTE: which remained present in the 1.3.24 release (and was not fixed 
until 1.3.25)
        NOTE: Fixed by 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
 CVE-2016-7445 (convert.c in OpenJPEG before 2.1.2 allows remote attackers to 
cause a ...)
-       - openjpeg2 2.1.2-1 (bug #838690)
+       - openjpeg2 2.1.2-1 (unimportant; bug #838690)
        NOTE: https://github.com/uclouvain/openjpeg/issues/843
        NOTE: PoC: 
https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
+       NOTE: No code injection, function only exposed in the CLI tool
 CVE-2016-7443
        RESERVED
 CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and 
earlier ...)
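Review bot: the CVE-2016-7445 description still reads "allows remote attackers to cause a ...", while the added NOTE downgrades the entry on the grounds that the function is only exposed in the CLI tool, without naming the function. Naming it, or stating that the affected convert.c code is part of the command-line tools, would let a reader check the justification against the upstream issue. The NOTE is also placed after the PoC line here but directly after the issue URL in the earlier openjpeg entries; a consistent position would make the list easier to scan.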

