Author: carnil
Date: 2017-05-12 12:39:34 +0000 (Fri, 12 May 2017)
New Revision: 51575
Modified:
data/CVE/list
Log:
Update CVE-2017-8908, it is only in a new scan converter, but in unstable not
yet enabled
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-12 10:06:46 UTC (rev 51574)
+++ data/CVE/list 2017-05-12 12:39:34 UTC (rev 51575)
@@ -14,8 +14,12 @@
CVE-2017-8909
RESERVED
CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript
9.21 ...)
- - ghostscript <unfixed>
+ - ghostscript <unfixed> (unimportant)
+ [jessie] - ghostscript <not-affected> (Vulnerable code not present)
+ [wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
+ NOTE: edgebuffer scan converter was made default only in:
http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: But the vulnerable code via base/gxscan.c, a new scan converter
introduced in 9.20 is present.
CVE-2017-8907
RESERVED
CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the
x86 ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
