[Secure-testing-commits] r48546 - in data: . CVE

Guido Guenther Sun, 29 Jan 2017 22:03:08 -0800

Author: agx
Date: 2017-01-30 06:02:46 +0000 (Mon, 30 Jan 2017)
New Revision: 48546


Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
lts: triage wavpack

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-30 05:52:55 UTC (rev 48545)
+++ data/CVE/list       2017-01-30 06:02:46 UTC (rev 48546)
@@ -70,6 +70,7 @@
        NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
 CVE-2016-10172 [heap oob read in read_new_config_info / open_utils.c]
        - wavpack <unfixed> (bug #853076)
+       [wheezy] - wavpack <not-affected> (Vulnerable code not present)
        NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
        NOTE: Fixed by: 
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc 
(5.1.0)
 CVE-2016-10171 [heap out of bounds read in unreorder_channels / wvunpack.c]

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-01-30 05:52:55 UTC (rev 48545)
+++ data/dla-needed.txt 2017-01-30 06:02:46 UTC (rev 48546)
@@ -109,6 +109,11 @@
 --
 qemu-kvm (Guido Günther)
 --
+wavpack
+  NOTE: the provided testcases don't crash but this hunk
+  NOTE: 
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc#diff-bc1807cb462afb05056502f77834c6ebR291
+  NOTE: is missing in the wheezy version
+--
 wireshark (Balint Reczey)
 --
 wordpress (Markus Koschany)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r48546 - in data: . CVE

Reply via email to