oss-sec mailing list archives
Re: imlib2 may need some CVEs assigned
From: cve-assign () mitre org
Date: Fri, 22 Jan 2016 13:54:07 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
imlib2 1.4.7's changelog seems to indicate fixes for issues that should probably have some CVEs assigned https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog
We feel that the best approach for now is to assign CVE IDs for the three cases in which the changelog suggests that a crash would occur.
https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56 GIF loader: Fix segv on images without colormap.
Use CVE-2014-9762.
https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2 Prevent division-by-zero crashes
Use CVE-2014-9763.
https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49 Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh
Use CVE-2014-9764. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWonoYAAoJEL54rhJi8gl5aFcQAJIhYKuGQbyH9RK1mzgqFx7n hs5b4vQgKmysd0O5+063aZdDh0JwDUn6HCXl9gYDrGyo5QusrqyTI/A1YxRNGwtP DXdUSbdQOoLrZoRKFngo0p5jiDO8nBjvNQCtXiI/ilh2uEopeUKfEFAJlpOf4JGA 5TWpq9mh+2GSHRtRkQb/PeMLADz4z7ur6FmADcngWwZ1HAAYvRBkumhuNrgmwuYi gfNwZQnb66wTlvZ9Tqx4JIRDCWNlIo7ZYkbYOYi3zWJMX2l7eb+RK0jPsDc6SiCf 0J9kl5JqNHQ0+hu/FnNf3nV8FCdiCqnP9AXkMHNqvF+KDO6iqaKDDlqd0H/F93sF Rp5dWO8NreG6pTG4KgfccuXx7veZAi6GJcezveoj9GHBNbWG0o7cLPusfHOGi/QQ iln+BakiJl7XOL9O1ngcS/UOlvKspi6EYTYB0bksgePOdKawqtvSPNW23fPqEhJ8 FF1KLwK/c53wNbl3YWNEcZW5fN1CN1jeGuRvbKd3G1OGV59sHGD0Qt0c6DzIqTJP zuJaNdreCbnZiKn8SZF/+fNvHMYS+alIr1XSm1cdbAxmvqSwzIBre0gUNfUqOjWQ BcpiklApxD+eHv3n9dOrHD9PSYss3QvFDpofvYBUjUzYz/CGnf317Pm4hccIdnbR jX1Yexx+h29NgMWslfvG =bde7 -----END PGP SIGNATURE-----
Current thread:
- imlib2 may need some CVEs assigned Mark Felder (Jan 20)
- Re: imlib2 may need some CVEs assigned cve-assign (Jan 22)