Date: Tue, 17 Jan 2017 11:33:28 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) On Monday 16 January 2017 19:08:48 cve-assign@...re.org wrote: > >  > > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-de > > c_clnpass-jpc_t1dec-c > > > > AddressSanitizer: SEGV on unknown address > > The signal is caused by a WRITE memory access. > > > > dec_clnpass ... jasper-1.900.27/src/libjasper/jpc/jpc_t1dec.c:869:4 > > Use CVE-2017-5503. > > > -- > CVE Assignment Team > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > [ A PGP key is available for encrypted communications at > http://cve.mitre.org/cve/request_id.html ] The previous mail clearly state: > Timeline: > 2016-11-20: bug discovered and reported to upstream Why a CVE-2017-* ? -- Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ