[Secure-testing-commits] r46986 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Dec 12 10:55:30 UTC 2016
Author: jmm
Date: 2016-12-12 10:55:30 +0000 (Mon, 12 Dec 2016)
New Revision: 46986
Modified:
data/CVE/list
Log:
p7zip, ffmpeg unimportant
remove no-dsa entry, not needed for unimportant issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-12 09:42:11 UTC (rev 46985)
+++ data/CVE/list 2016-12-12 10:55:30 UTC (rev 46986)
@@ -7795,8 +7795,10 @@
NOT-FOR-US: SAP
CVE-2016-9561
RESERVED
- - ffmpeg <undetermined>
+ - ffmpeg <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/1
+ NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
+ NOTE: files, it needs to set resource limits
CVE-2016-9554
RESERVED
CVE-2016-9553
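Review bot: The two added NOTE lines on CVE-2016-9561 tell server applications to set resource limits but never say which resource the media file exhausts. Because the entry is still RESERVED and has no description, a reader has to follow the oss-security link to find out. Suggest naming the resource in the NOTE so the "unimportant" rationale is self-contained in the tracker.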
@@ -9095,10 +9097,11 @@
NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
- - p7zip 16.02+dfsg-2 (bug #844344)
+ - p7zip 16.02+dfsg-2 (unimportant; bug #844344)
[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
[wheezy] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
NOTE: https://sourceforge.net/p/p7zip/bugs/185/
+ NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before ...)
NOT-FOR-US: MuJS
CVE-2016-9279
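Review bot: The added "NOTE: no security impact" on CVE-2016-9296 states a conclusion without a reason, while the description on the same entry calls it a null pointer dereference bug. Suggest extending the NOTE with a short justification for why that dereference has no impact, the way the ffmpeg NOTE in the previous hunk does, so the "unimportant" tag on the p7zip line can be checked later without re-reading bug #844344.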
@@ -25433,7 +25436,6 @@
CVE-2016-4484
RESERVED
- cryptsetup 2:1.7.3-2 (unimportant)
- [wheezy] - cryptsetup <no-dsa> (Minor issue)
NOTE: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
NOTE: Negligable security impact
CVE-2016-4481
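Review bot: "Negligable" in the trailing NOTE of the CVE-2016-4484 entry is misspelt. Since this hunk already touches the entry, it could be corrected to "Negligible" in the same commit. The removal of the "[wheezy] - cryptsetup <no-dsa> (Minor issue)" line is consistent with the log message and with the "(unimportant)" tag on the remaining cryptsetup line.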