Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3e91f93d by Salvatore Bonaccorso at 2019-04-21T06:09:57Z Mark CVE-2017-18009/opencv as unfixed for unstable The checks in modules/imgcodecs/src/grfmt_hdr.cpp in 3.2.0+dfsg-6 are still the same as before the patch in https://github.com/opencv/opencv/commit/4ca89db22dea962690f31c1781bce5937ee91837 and the vulnerable code seems introduced prior to the version currently in unstable. Check: Is there are reason it would not affect yet 3.2.0+dfsg-1 onwards? - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -72781,7 +72781,7 @@ CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin befor NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...) [experimental] - opencv 3.4.4+dfsg-1~exp1 - - opencv 3.2.0+dfsg-6 (bug #924884) + - opencv <unfixed> (bug #924884) [stretch] - opencv <not-affected> (Vulnerable code introduced later) [jessie] - opencv <not-affected> (Vulnerable code introduced later) [wheezy] - opencv <not-affected> (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e91f93dc14d2e6f6dbf05388eb32cd79c864f35 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3e91f93dc14d2e6f6dbf05388eb32cd79c864f35 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
