Calibre in wheezy not affected by CVE-2010-1028

The vulnerable code was not introduced until version 0.99.3 by the following upstream commit: commit 93b2f860f9fa5c73773013b29d152b1723108140 Author: Kovid Goyal <kovid@kovidgoyal.net> Date: Sun Oct 21 15:09:07 2012 +0530 Add code to convert between WOFF<->sfnt font files git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@49659 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Brian May <brian@microcomaustralia.com.au> 2017-03-14 06:26:24 +0000
committer: Brian May <brian@microcomaustralia.com.au> 2017-03-14 06:26:24 +0000
commit: a04cdbb36970a4488e065689e50539f3176542f7 (patch)
tree: 9e5d53684105f59fc4a2fa2ac4306e7745920694 /data/CVE/2010.list
parent: 3e7b041f4ad31254d5ceac48959168d0b29aa147 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index ead91a2155..1bdf8093c5 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -11135,6 +11135,7 @@ CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Op
 	- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
 	- iceape <not-affected> (Vulnerable code not present)
 	- calibre 2.38.0+dfsg-1 (bug #787085)
+	[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
 	NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
 CVE-2010-XXXX [Escape href attribute in auto links]
 	- redmine 0.9.3-3
author	Brian May <brian@microcomaustralia.com.au>	2017-03-14 06:26:24 +0000
committer	Brian May <brian@microcomaustralia.com.au>	2017-03-14 06:26:24 +0000
commit	a04cdbb36970a4488e065689e50539f3176542f7 (patch)
tree	9e5d53684105f59fc4a2fa2ac4306e7745920694 /data/CVE/2010.list
parent	3e7b041f4ad31254d5ceac48959168d0b29aa147 (diff)