[Secure-testing-team] Bug#831814: lepton: CVE-2016-6234 CVE-2016-6235 CVE-2016-6236 CVE-2016-6237 CVE-2016-6238

Salvatore Bonaccorso carnil at debian.org
Tue Jul 19 17:48:33 UTC 2016


Source: lepton
Version: 1.0-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

Multiple issues were found in lepton. The CVE request was at
http://www.openwall.com/lists/oss-security/2016/07/17/1 referencing
https://github.com/dropbox/lepton/issues/26 (note to compile with
address sanitizer to reproduce the issues).

lepton got several CVEs assigned in the subsequent
http://www.openwall.com/lists/oss-security/2016/07/17/6

I'm not sure if current master fixes all the reported cases from #26.

Regards,
Salvatore


