[Secure-testing-commits] r40419 - data/CVE

Sat, 19 Mar 2016 03:55:35 -0700 

Author: jmm
Date: 2016-03-16 20:53:37 +0000 (Wed, 16 Mar 2016)
New Revision: 40419

Modified:
   data/CVE/list
Log:
bug filed for openjpeg2


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-03-16 20:42:22 UTC (rev 40418)
+++ data/CVE/list       2016-03-16 20:53:37 UTC (rev 40419)
@@ -196,17 +196,17 @@
        [wheezy] - flashrom <no-dsa> (Minor issue)
        NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
 CVE-2016-3183 [Out-Of-Bounds Read in sycc422_to_rgb function]
-       - openjpeg2 <unfixed>
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/14
+       - openjpeg2 <unfixed> (bug #818399)
+       NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
        NOTE: https://github.com/uclouvain/openjpeg/issues/726
 CVE-2016-3182 [Heap Corruption in opj_free function]
-       - openjpeg2 <unfixed>
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/13
+       - openjpeg2 <unfixed> (bug #818399)
+       NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
        NOTE: https://github.com/uclouvain/openjpeg/issues/725
        TODO: check, possibly as well src:openjpeg
 CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
-       - openjpeg2 <unfixed>
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/03/14/12
+       - openjpeg2 <unfixed> (bug #818399)
+       NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
        NOTE: https://github.com/uclouvain/openjpeg/issues/724
 CVE-2016-XXXX [An invalid off by one read can happen in the function 
pr_fs_dircat()]
        - proftpd-dfsg <undetermined>
@@ -4106,9 +4106,9 @@
        - lha <removed> (unimportant)
        NOTE: Non-free not supported
 CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote 
...)
-       - openjpeg2 <unfixed>
+       - openjpeg2 <unfixed> (bug #818399)
 CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data 
function ...)
-       - openjpeg2 <unfixed>
+       - openjpeg2 <unfixed> (bug #818399)
 CVE-2016-1920 [VPN Man-in-the-Middle due to shared certificate store on KNOX 
1.0 / Android 4.3]
        RESERVED
        NOT-FOR-US: KNOX 1.0 / Android 4.3


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to