Author: agx Date: 2017-11-29 15:39:30 +0000 (Wed, 29 Nov 2017) New Revision: 58120
Modified: data/CVE/list Log: CVE-2017-12596: link to upstream fix Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-29 15:22:09 UTC (rev 58119) +++ data/CVE/list 2017-11-29 15:39:30 UTC (rev 58120) @@ -14602,6 +14602,7 @@ CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) - openexr <unfixed> (bug #877352) NOTE: https://github.com/openexr/openexr/issues/238 + NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...) - qpdf 7.0.0-1 [stretch] - qpdf <no-dsa> (Minor issue) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits