[Secure-testing-commits] r54166 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Aug 1 08:59:44 UTC 2017


Author: carnil
Date: 2017-08-01 08:59:44 +0000 (Tue, 01 Aug 2017)
New Revision: 54166

Modified:
   data/CVE/list
Log:
Add two new libvorbis issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-01 08:41:27 UTC (rev 54165)
+++ data/CVE/list	2017-08-01 08:59:44 UTC (rev 54166)
@@ -107,7 +107,8 @@
 CVE-2017-11736 (SQL injection vulnerability in ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2017-11735 (The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis ...)
-	TODO: check
+	- libvorbis <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
 CVE-2017-11734 (A heap-based buffer over-read was found in the function ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/83
@@ -1301,7 +1302,8 @@
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
-	TODO: check
+	- libvorbis <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
 CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
 	- sox <unfixed> (bug #870328)
 	[stretch] - sox <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list