[Secure-testing-commits] r54267 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Aug 4 15:24:56 UTC 2017
Author: jmm
Date: 2017-08-04 15:24:56 +0000 (Fri, 04 Aug 2017)
New Revision: 54267
Modified:
data/CVE/list
Log:
batik, lame, libid3tag no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-04 15:01:35 UTC (rev 54266)
+++ data/CVE/list 2017-08-04 15:24:56 UTC (rev 54267)
@@ -1568,7 +1568,9 @@
[wheezy] - ioquake3 <end-of-life> (games are not supported in Wheezy)
NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused by a ...)
- - lame <unfixed>
+ - lame <unfixed> (low)
+ [stretch] - lame <no-dsa> (Minor issue)
+ [jessie] - lame <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/lame/bugs/460/
NOTE: Possible duplicate with https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg ...)
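Review bot: the CVE-2017-11720 entry still has no Debian bug reference on its `- lame <unfixed> (low)` line, while the other lame entries touched in this commit cite bug #867725. It is also the only lame entry here that receives an explicit `(low)` urgency. Consider either adding a bug reference or resolving the "Possible duplicate" NOTE, so the entry can be tracked alongside the others, and apply the urgency consistently across the lame entries.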
@@ -2068,6 +2070,8 @@
NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows ...)
- libid3tag <unfixed> (bug #870333)
+ [stretch] - libid3tag <no-dsa> (Minor issue)
+ [jessie] - libid3tag <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows ...)
- libid3tag 0.15.1b-9 (bug #405801)
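Review bot: the `<no-dsa>` reason added for CVE-2017-11551 is only "Minor issue", and the visible description is cut off at "allows ...", so the entry does not record which impact was judged minor. A more specific reason, or a short NOTE stating the assessed impact, would make the triage decision reviewable later without following the seclists link.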
@@ -5052,15 +5056,23 @@
NOT-FOR-US: IrfanView
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in ...)
- lame <unfixed> (bug #867725)
+ [stretch] - lame <no-dsa> (Minor issue)
+ [jessie] - lame <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
- lame <unfixed> (bug #867725)
+ [stretch] - lame <no-dsa> (Minor issue)
+ [jessie] - lame <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
- lame <unfixed> (bug #867725)
+ [stretch] - lame <no-dsa> (Minor issue)
+ [jessie] - lame <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in ...)
- lame <unfixed> (bug #867725)
+ [stretch] - lame <no-dsa> (Minor issue)
+ [jessie] - lame <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is ...)
- mosquitto <unfixed> (bug #865959)
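Review bot: the four mpglib entries (CVE-2017-9872, CVE-2017-9871, CVE-2017-9870, CVE-2017-9869) are tagged "Minor issue" with no rationale, although their NOTE URLs describe stack-based and global buffer overflows. Their `- lame <unfixed> (bug #867725)` lines also get no urgency, whereas the division-by-zero entry CVE-2017-11720 is marked `(low)` in the same commit. Consider adding a NOTE per entry explaining why the overflow is considered minor, and aligning the urgency annotation across the lame entries.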
@@ -19293,6 +19305,8 @@
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...)
{DLA-926-1}
- batik <unfixed> (bug #860566)
+ [jessie] - batik <no-dsa> (Minor issue)
+ [stretch] - batik <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
NOTE: Fixed by: http://svn.apache.org/r1743326
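Review bot: the two added lines for CVE-2017-5662 list `[jessie]` before `[stretch]`, while every other entry in this commit lists `[stretch]` first. Swapping them keeps the release ordering consistent within the file. Separately, the entry already carries a "Fixed by" NOTE pointing at an upstream commit, so a short remark on why the fix is not being backported would make the `<no-dsa>` decision easier to follow.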