Date: Thu, 6 Oct 2016 11:46:27 +1030 From: Doran Moppert <dmoppert@...hat.com> To: Open Source Security <oss-security@...ts.openwall.com> Subject: Re: CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) > > Do you specifically know of a distribution that still has that patch? > > Red Hat Enterprise Linux and Ubuntu LTS seem to be still carrying the > original patch. Possibly others, but these are the only ones I've > identified. I should have included this reference: https://bugzilla.redhat.com/show_bug.cgi?id=1382202 -- Doran Moppert Red Hat Product Security [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ