[Secure-testing-commits] r54166 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 1 08:59:44 UTC 2017
Author: carnil
Date: 2017-08-01 08:59:44 +0000 (Tue, 01 Aug 2017)
New Revision: 54166
Modified:
data/CVE/list
Log:
Add two new libvorbis issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-01 08:41:27 UTC (rev 54165)
+++ data/CVE/list 2017-08-01 08:59:44 UTC (rev 54166)
@@ -107,7 +107,8 @@
CVE-2017-11736 (SQL injection vulnerability in ...)
NOT-FOR-US: BigTree CMS
CVE-2017-11735 (The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis ...)
- TODO: check
+ - libvorbis <unfixed>
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
CVE-2017-11734 (A heap-based buffer over-read was found in the function ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/83
@@ -1301,7 +1302,8 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
- TODO: check
+ - libvorbis <unfixed>
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
- sox <unfixed> (bug #870328)
[stretch] - sox <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list