Date: Tue, 17 Jan 2017 11:33:21 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) On Monday 16 January 2017 19:11:33 cve-assign@...re.org wrote: > >  > > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas > > _matrix_asl-jas_seq-c > > > > AddressSanitizer: SEGV on unknown address > > The signal is caused by a READ memory access. > > > > jas_matrix_asl ... jasper-1.900.27/src/libjasper/base/jas_seq.c:376:11 > > Use CVE-2017-5505. > > > -- > CVE Assignment Team > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > [ A PGP key is available for encrypted communications at > http://cve.mitre.org/cve/request_id.html ] The previous mail clearly state: > Timeline: > 2016-11-20: bug discovered and reported to upstream Why a CVE-2017-* ? -- Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ