[Secure-testing-commits] r54165 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 1 08:41:27 UTC 2017
Author: carnil
Date: 2017-08-01 08:41:27 +0000 (Tue, 01 Aug 2017)
New Revision: 54165
Modified:
data/CVE/list
Log:
Mark CVE-2017-11331 as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-01 08:40:35 UTC (rev 54164)
+++ data/CVE/list 2017-08-01 08:41:27 UTC (rev 54165)
@@ -1308,10 +1308,11 @@
[jessie] - sox <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
- - vorbis-tools <unfixed>
+ - vorbis-tools <unfixed> (unimportant)
NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
NOTE: still the return of malloc is not checked.
NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
+ NOTE: Crash in CLI tool only, negligible security impact
CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in ...)
NOT-FOR-US: DivFix++
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...)
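Review bot: The added NOTE under CVE-2017-11331 ("Crash in CLI tool only, negligible security impact") does not say which defect the crash comes from, while the two existing notes say the issue is "covered" by 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch and that the return of malloc is still not checked. Since the entry stays <unfixed>, consider naming the residual in the rationale, for example by placing the new NOTE directly after the malloc note or wording it to state that the unchecked malloc return is what is being rated unimportant. That way a later reader can tell why the entry is both "covered" and unfixed.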