Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cb3fb2f4 by Moritz Muehlenhoff at 2018-01-15T19:53:21+01:00
gdk-pixbuf DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47276,23 +47276,26 @@ CVE-2017-6317 (Memory leak in the add_shader_program
function in vrend_renderer.
- virglrenderer 0.6.0-1 (bug #858255)
NOTE:
https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4
(0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf
allows ...)
- - gdk-pixbuf <unfixed> (bug #856448)
- [jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point
release)
+ - gdk-pixbuf <unfixed> (low; bug #856448)
+ [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+ [jessie] - gdk-pixbuf <ignored> (Minor issue)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next
update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
NOTE: Fixed by:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c
in ...)
- - gdk-pixbuf <unfixed> (bug #856445)
- [jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point
release)
+ - gdk-pixbuf <unfixed> (low; bug #856445)
+ [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+ [jessie] - gdk-pixbuf <ignored> (Minor issue)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next
update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
NOTE: Fixed by:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
NOTE: Tests:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows
context-dependent ...)
- - gdk-pixbuf <unfixed> (bug #856444)
- [jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point
release)
+ - gdk-pixbuf <unfixed> (low; bug #856444)
+ [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
+ [jessie] - gdk-pixbuf <ignored> (Minor issue)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next
update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[15 Jan 2018] DSA-4088-1 gdk-pixbuf - security update
+ {CVE-2017-1000422}
+ [jessie] - gdk-pixbuf 2.31.1-2+deb8u7
+ [stretch] - gdk-pixbuf 2.36.5-2+deb9u2
[14 Jan 2018] DSA-4087-1 transmission - security update
{CVE-2018-5702}
[jessie] - transmission 2.84-0.2+deb8u1
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -18,8 +18,6 @@ awstats (Abhijith)
--
chromium-browser/stable
--
-gdk-pixbuf (jmm)
---
graphicsmagick
--
imagemagick/oldstable (jmm)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb3fb2f451f1fbabeb80a951f13dcea39e58eda0
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cb3fb2f451f1fbabeb80a951f13dcea39e58eda0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
