[Secure-testing-commits] r56746 - data/CVE

Salvatore Bonaccorso Mon, 16 Oct 2017 04:17:39 -0700

Author: carnil
Date: 2017-10-16 11:17:18 +0000 (Mon, 16 Oct 2017)
New Revision: 56746


Modified:
   data/CVE/list
Log:
Three openjpeg2 issues fixed in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-16 11:06:13 UTC (rev 56745)
+++ data/CVE/list       2017-10-16 11:17:18 UTC (rev 56746)
@@ -3386,7 +3386,7 @@
 CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in 
...)
        - openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not 
applied)
 CVE-2017-14152 (A mishandled zero case was discovered in 
opj_j2k_set_cinema_parameters ...)
-       - openjpeg2 <unfixed> (bug #874431)
+       - openjpeg2 2.3.0-1 (bug #874431)
        NOTE: 
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
        NOTE: https://github.com/uclouvain/openjpeg/issues/985
@@ -3395,7 +3395,7 @@
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
        NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
 CVE-2017-14151 (An off-by-one error was discovered in ...)
-       - openjpeg2 <unfixed> (bug #874430)
+       - openjpeg2 2.3.0-1 (bug #874430)
        NOTE: 
https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
        NOTE: https://github.com/uclouvain/openjpeg/issues/982
@@ -4652,7 +4652,7 @@
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
 CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage 
function ...)
-       - openjpeg2 <unfixed> (bug #874115)
+       - openjpeg2 2.3.0-1 (bug #874115)
        NOTE: Fixed by: 
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
        NOTE: Reproducer: 
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
        NOTE: https://github.com/uclouvain/openjpeg/issues/997


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56746 - data/CVE

Reply via email to