[Secure-testing-commits] r46346 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Nov 20 10:15:14 UTC 2016
Author: jmm
Date: 2016-11-20 10:15:14 +0000 (Sun, 20 Nov 2016)
New Revision: 46346
Modified:
data/CVE/list
data/DSA/list
Log:
CVE assignments for gstreamer plugins
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-19 23:54:26 UTC (rev 46345)
+++ data/CVE/list 2016-11-20 10:15:14 UTC (rev 46346)
@@ -156,7 +156,7 @@
- tiff 4.0.6-3
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
-CVE-2016-XXXX [gstreamer 0.10 VMNC code execution]
+CVE-2016-9446 [gstreamer 0.10 VMNC code execution #2]
- gst-plugins-bad0.10 <removed>
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u2
- gst-plugins-bad1.0 1.10.1-1
@@ -165,6 +165,15 @@
NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
+CVE-2016-9445 [gstreamer 0.10 VMNC code execution]
+ - gst-plugins-bad0.10 <removed>
+ [jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u2
+ - gst-plugins-bad1.0 1.10.1-1
+ [jessie] - gst-plugins-bad1.0 1.4.4-2.1+deb8u1
+ NOTE: Workaround entry for DSA-3717-1 until CVE is assigned
+ NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
+ NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-XXXX [Denial of service via transliterate mechanism]
- drupal8 <itp> (bug #756305)
- drupal7 <not-affected> (Only affects Drupal 8)
@@ -523,7 +532,7 @@
RESERVED
CVE-2016-9263
RESERVED
-CVE-2016-XXXX [gstreamer 0.10 NSF code execution]
+CVE-2016-9447 [gstreamer 0.10 NSF code execution]
- gst-plugins-bad0.10 <removed>
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u1
NOTE: Workaround entry for DSA-3713-1 until CVE is assigned
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-11-19 23:54:26 UTC (rev 46345)
+++ data/DSA/list 2016-11-20 10:15:14 UTC (rev 46346)
@@ -1,6 +1,7 @@
[17 Nov 2016] DSA-3718-1 drupal7 - security update
[jessie] - drupal7 7.32-1+deb8u8
[17 Nov 2016] DSA-3717-1 gst-plugins-bad1.0 - security update
+ {CVE-2016-9445 CVE-2016-9446}
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u2
[jessie] - gst-plugins-bad1.0 1.4.4-2.1+deb8u1
[16 Nov 2016] DSA-3716-1 firefox-esr - security update
@@ -13,6 +14,7 @@
NOTE: Compatibility update for mysql 5.5.53
[jessie] - akonadi 1.13.0-2+deb8u2
[15 Nov 2016] DSA-3713-1 gst-plugins-bad0.10 - security update
+ {CVE-2016-9447}
[jessie] - gst-plugins-bad0.10 0.10.23-7.4+deb8u1
[13 Nov 2016] DSA-3712-1 terminology - security update
{CVE-2015-8971}
More information about the Secure-testing-commits
mailing list