Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 17 Jan 2017 11:33:24 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)

On Monday 16 January 2017 19:10:08 cve-assign@...re.org wrote:
> > []
> > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc
> > _undo_roi-jpc_dec-c
> > 
> > AddressSanitizer: SEGV on unknown address
> > The signal is caused by a READ memory access.
> > 
> > jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10
> 
> Use CVE-2017-5504.
> 
> 
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]

The previous mail clearly state:
> Timeline:
> 2016-11-20: bug discovered and reported to upstream

Why a CVE-2017-* ?

--
Agostino

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.