Author: carnil Date: 2016-11-01 19:12:27 +0000 (Tue, 01 Nov 2016) New Revision: 45848
Modified: data/CVE/list Log: Update status for CVE-2016-7971/libass Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-11-01 18:58:56 UTC (rev 45847) +++ data/CVE/list 2016-11-01 19:12:27 UTC (rev 45848) @@ -3626,10 +3626,11 @@ NOTE: The "third issue" is the DoS issue as per https://github.com/libass/libass/pull/240 with NOTE: "id:000248,sig:11,src:004326,op:havoc,rep:16" which does not have fix upstream NOTE: According to https://github.com/libass/libass/pull/240 the person reported the problem actually - NOTE: claim that the problem is not in libass. Therefore shouldn't we state that libass is not affected? - NOTE: Should probably be REJECTED, asked MITRE in http://www.openwall.com/lists/oss-security/2016/10/27/5 - NOTE: CVE assignment still disputed, only leads to a crash when compiled with ASAN - NOTE: otherwise takes a long time but finishes parsing the input. + NOTE: CVE is disputed, but still assigned to src:libass. Given the circumstances + NOTE: mark as unimportant since not affecting the produced binary packages unless + NOTE: it would have been compiled with ASAN. + NOTE: Only leads to a crash when compiled with ASAN, otherwise takes a long time, + NOTE: but still finished parsing the input. CVE-2016-7970 RESERVED - libass 0.13.4-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
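Review bot: The removed NOTE lines carried the only pointer to the MITRE dispute request (http://www.openwall.com/lists/oss-security/2016/10/27/5), and the replacement text says "CVE is disputed" with no reference. Keep that URL on one of the new NOTE lines so the basis for the dispute stays traceable from the tracker entry. Separately, the added text says to "mark as unimportant", but this hunk only touches NOTE lines. Confirm that the src:libass entry line for CVE-2016-7971 (outside the visible context) actually carries the unimportant tag, otherwise the note and the recorded status disagree. Minor wording point: "but still finished parsing the input" switches tense from the removed "finishes parsing the input"; present tense reads better alongside "takes a long time".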