Author: carnil Date: 2017-03-26 10:02:36 +0000 (Sun, 26 Mar 2017) New Revision: 50065
Modified: data/CVE/list Log: Add CVE-2017-7263/potrace Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-26 09:50:47 UTC (rev 50064) +++ data/CVE/list 2017-03-26 10:02:36 UTC (rev 50065) @@ -16,7 +16,10 @@ NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow NOTE: in fz_subsample_pixmap. CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...) - TODO: check + - potrace <unfixed> + NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/ + NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH + NOTE: This CVE is for an incomplete fix of CVE-2016-8698 CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia ...) TODO: check CVE-2017-XXXX [apt-cacher http response splitting] _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits