[Git][security-tracker-team/security-tracker][master] CVE-2017-2870 and CVE-2017-6311 in gdk-pixbuf are not affecting stretch

Sun, 26 Dec 2021 21:25:20 -0800 


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e32ab4a by Adrian Bunk at 2021-12-27T07:24:08+02:00
CVE-2017-2870 and CVE-2017-6311 in gdk-pixbuf are not affecting stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -295145,6 +295145,7 @@ CVE-2017-6312 (Integer overflow in io-ico.c in 
gdk-pixbuf allows context-depende
        NOTE: Tests: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
 CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent 
attack ...)
        - gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
+       [stretch] - gdk-pixbuf <not-affected> (thumbnailer not installed before 
2.36.5-3)
        [jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
        [wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
@@ -305803,6 +305804,7 @@ CVE-2017-2871 (Insufficient security checks exist in 
the recovery procedure used
 CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the 
tiff_image ...)
        {DLA-2043-1}
        - gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
+       [stretch] - gdk-pixbuf <not-affected> (Built with GCC in Debian)
        NOTE: 
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e32ab4a21ad8d735ce497f4b91973017d1e4f4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e32ab4a21ad8d735ce497f4b91973017d1e4f4b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to