Author: carnil
Date: 2017-03-26 10:02:36 +0000 (Sun, 26 Mar 2017)
New Revision: 50065

Modified:
   data/CVE/list
Log:
Add CVE-2017-7263/potrace

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-26 09:50:47 UTC (rev 50064)
+++ data/CVE/list       2017-03-26 10:02:36 UTC (rev 50065)
@@ -16,7 +16,10 @@
        NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer 
overflow
        NOTE: in fz_subsample_pixmap.
 CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 
allows ...)
-       TODO: check
+       - potrace <unfixed>
+       NOTE: 
https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
+       NOTE: Proposed patch: 
https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
+       NOTE: This CVE is for an incomplete fix of CVE-2016-8698
 CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of 
Scandinavia ...)
        TODO: check
 CVE-2017-XXXX [apt-cacher http response splitting]
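Review bot: The "Proposed patch" NOTE in this hunk links to the asarubbo/poc repository rather than an upstream potrace commit, so the `- potrace <unfixed>` line should be revisited once upstream publishes its own fix, and the NOTE could say explicitly that the patch is a third-party proposal. Since the last NOTE records that this CVE covers an incomplete fix of CVE-2016-8698, consider adding a reciprocal NOTE to the CVE-2016-8698 entry pointing back to CVE-2017-7263, so the relationship is visible from both entries when triaging.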


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits