Adrian Bunk pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
abee656d by Adrian Bunk at 2023-06-05T16:31:00+03:00
Mark CVE-2016-9085 as fixed in 0.5.1-3
0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3
looks exactly like the upstream fix included in 0.5.2
CVE-2016-8888 is now marked as RESERVED, I'm assuming any
confusion was around this CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -428966,14 +428966,12 @@ CVE-2016-9032 (An exploitable buffer overflow
exists in the Joyent SmartOS 20161
CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS
20161110T ...)
NOT-FOR-US: Joyent SmartOS
CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have
unspeci ...)
- - libwebp <unfixed> (unimportant; bug #842714)
+ - libwebp 0.5.1-3 (unimportant; bug #842714)
[wheezy] - libwebp <not-affected> (vulnerable code not present)
NOTE:
https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314
(private)
NOTE: For libwebp only in examples, but other projects seem to use the
gifdec.c
NOTE: Origin of the file seems to be from libav
- NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085
but the taken patches
- NOTE: look different, needs further investigation before marking as
fixed
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through
4.8.11 m ...)
- linux 4.8.11-1
[jessie] - linux 3.16.39-1
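Review bot: The two NOTE lines removed at the end of the CVE-2016-9085 entry are dropped without a replacement, so data/CVE/list no longer records why 0.5.1-3 is treated as the fixed version. The rationale (patch 0002-fix-potential-overflow-when-width-height-4-1-32 in 0.5.1-3 looking exactly like the upstream fix included in 0.5.2) exists only in the commit message. Consider adding one NOTE line to the entry that names that patch and states it matches the upstream fix in 0.5.2, so the earlier "needs further investigation" doubt is visibly resolved for anyone reading the tracker data rather than the git log.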
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abee656d754f90707ce822a3f286105036b33d6e