[Git][security-tracker-team/security-tracker][master] CVE-2016-3977 was made reopened by a NMU 5.1.4-0.4

Tue, 05 Jun 2018 11:35:49 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
78aeb3a0 by Salvatore Bonaccorso at 2018-06-05T20:32:14+02:00
CVE-2016-3977 was made reopened by a NMU 5.1.4-0.4

Apparently the update claimed that the patch is already upstream, but
this is missleading: the patch still was applied to fix the issue in
5.1.4-0.3.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -101792,11 +101792,14 @@ CVE-2016-3981 (Heap-based buffer overflow in the 
bmp_read_rows function in pngxr
        - optipng 0.7.6-1
        NOTE: https://sourceforge.net/p/optipng/bugs/56/
 CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in 
giflib ...)
-       - giflib 5.1.4-0.3 (bug #820526)
+       - giflib <unfixed> (bug #820526)
        [jessie] - giflib <no-dsa> (Minor issue)
        [wheezy] - giflib <no-dsa> (minor issue)
        NOTE: https://sourceforge.net/p/giflib/bugs/87/
        NOTE: 
https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
+       NOTE: The issue was originally fixed in  5.1.4-0.3 but then the NMU 
upload
+       NOTE: 5.1.4-0.4 just dropped the patch claiming the patch was already 
present
+       NOTE: which is untrue and reopening the issue.
 CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email 
Gateway (MEG) ...)
        NOT-FOR-US: McAfee Email Gateway
 CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos 
Cyberoam ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78aeb3a0478016962bd11009086b6f19f2c3f527

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78aeb3a0478016962bd11009086b6f19f2c3f527
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to