Date: Tue, 17 Jan 2017 11:33:24 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) On Monday 16 January 2017 19:10:08 cve-assign@...re.org wrote: > >  > > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc > > _undo_roi-jpc_dec-c > > > > AddressSanitizer: SEGV on unknown address > > The signal is caused by a READ memory access. > > > > jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10 > > Use CVE-2017-5504. > > > -- > CVE Assignment Team > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > [ A PGP key is available for encrypted communications at > http://cve.mitre.org/cve/request_id.html ] The previous mail clearly state: > Timeline: > 2016-11-20: bug discovered and reported to upstream Why a CVE-2017-* ? -- Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.