[Secure-testing-team] Bug#870356: potrace: CVE-2017-12067
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 1 11:44:30 UTC 2017
Source: potrace
Version: 1.14-2
Severity: minor
Tags: upstream security

Hi,

the following vulnerability was published for potrace.

CVE-2017-12067[0]:
| Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic
| function in mkbitmap.c.
This does not need any immediate update, since it seems it only relates
to the mkbitmap CLI tool. The main purpose is: can you bring that to
upstream? The original reporter might not have done that.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12067
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore