Author: carnil
Date: 2016-10-16 05:32:54 +0000 (Sun, 16 Oct 2016)
New Revision: 45347

Modified:
   data/CVE/list
Log:
Add jasper issues CVE-2016-869{0,1,2,3}

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-10-16 05:27:33 UTC (rev 45346)
+++ data/CVE/list       2016-10-16 05:32:54 UTC (rev 45347)
@@ -43,6 +43,15 @@
        - potrace 1.13-1
        NOTE: 
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
        TODO: check
+CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
+       - jasper <unfixed>
+CVE-2016-8692 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+       - jasper <unfixed>
+CVE-2016-8691 [FPE on unknown address ... jpc_dec_process_siz ... jpc_dec.c]
+       - jasper <unfixed>
+CVE-2016-8690 [SEGV on unknown address ... bmp_getdata ... bmp_dec.c]
+       - jasper <unfixed>
+       NOTE: CVE ID for the first and fifth items of 
http://www.openwall.com/lists/oss-security/2016/08/23/6 post
 CVE-2016-8670 [Stack Buffer Overflow in GD dynamicGetbuf]
        {DSA-3693-1}
        - libgd2 <unfixed> (bug #840805)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to