[Secure-testing-commits] r50535 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Apr 10 16:57:45 UTC 2017 

Author: jmm
Date: 2017-04-10 16:57:44 +0000 (Mon, 10 Apr 2017)
New Revision: 50535

Modified:
   data/CVE/list
Log:
vim issues also affect neovim
new heimdal issue
more elfutils no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-10 16:00:34 UTC (rev 50534)
+++ data/CVE/list	2017-04-10 16:57:44 UTC (rev 50535)
@@ -7,18 +7,22 @@
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
 CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
 	- elfutils <unfixed> (bug #859990)
+	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
 CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils <unfixed> (bug #859991)
+	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
 CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
 	- elfutils <unfixed> (bug #859992)
+	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
 CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
 	- elfutils <unfixed> (bug #859993)
+	[jessie] - elfutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
 	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
 CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...)
@@ -2731,6 +2735,7 @@
 	RESERVED
 CVE-2017-6594
 	RESERVED
+	- heimdal 7.1.0+dfsg-10
 CVE-2017-6593
 	RESERVED
 CVE-2017-6592
@@ -3631,11 +3636,13 @@
 	{DLA-850-1}
 	- vim 2:8.0.0197-3 (bug #856266)
 	[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
+	- neovim 0.1.7-4
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
 CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occur ...)
 	{DLA-850-1}
 	- vim 2:8.0.0197-3 (bug #856266)
 	[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
+	- neovim 0.1.7-4
 	NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
 CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows ...)
 	NOT-FOR-US: Grails PDF plugin
@@ -4674,6 +4681,7 @@
 CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree ...)
 	{DSA-3786-1 DLA-822-1}
 	- vim 2:8.0.0197-2 (bug #854969)
+	- neovim 0.1.7-4
 	NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
 CVE-2017-5952
 	RESERVED

More information about the Secure-testing-commits mailing list