Author: carnil
Date: 2016-01-14 22:25:55 +0000 (Thu, 14 Jan 2016)
New Revision: 38927
Modified:
data/CVE/list
Log:
Mark giflib as no-dsa for jessie and wheezy
Note for reviewers: Reasoning for the giflib no-dsa (but might be
disputed, correct me if you think otherwise): The issue is only in the
giffix utility. giffix is though used in fuzzyocr (low popcon).
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-14 22:09:55 UTC (rev 38926)
+++ data/CVE/list 2016-01-14 22:25:55 UTC (rev 38927)
@@ -7832,6 +7832,8 @@
CVE-2015-7555 [Heap-based buffer overflow in giffix utility]
RESERVED
- giflib <unfixed> (bug #808704)
+ [jessie] - giflib <no-dsa> (Minor issue; only in giffix utility)
+ [wheezy] - giflib <no-dsa> (Minor issue; only in giffix utility)
CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6
allows ...)
- tiff <unfixed> (bug #809066)
- tiff3 <removed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
