[Secure-testing-commits] r54283 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Aug 4 20:16:38 UTC 2017
Author: jmm
Date: 2017-08-04 20:16:38 +0000 (Fri, 04 Aug 2017)
New Revision: 54283
Modified:
data/CVE/list
Log:
remove one qemu no-dsa entry, which will be fixed
podofo no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-04 20:15:59 UTC (rev 54282)
+++ data/CVE/list 2017-08-04 20:16:38 UTC (rev 54283)
@@ -4232,7 +4232,6 @@
RESERVED
CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick ...)
- qemu <unfixed> (bug #867751)
- [stretch] - qemu <no-dsa> (Minor issue)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
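Review bot: the log message does not name the CVE whose entry is dropped; here it is the `[stretch] - qemu <no-dsa> (Minor issue)` line under CVE-2017-10806. With that line gone, stretch has no release-specific status and is tracked through the `- qemu <unfixed> (bug #867751)` entry, while jessie and wheezy stay at `<no-dsa>`. Naming CVE-2017-10806 in the log would make the change easier to find later, and it is worth confirming that leaving jessie as "Minor issue" is intended now that stretch is going to get a fix.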
@@ -7956,7 +7955,6 @@
CVE-2017-9376
RESERVED
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ...)
- {DSA-3920-1}
- qemu <unfixed> (bug #864219)
[jessie] - qemu <no-dsa> (Minor issue)
[wheezy] - qemu <not-affected> (vulnerable code not present)
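Review bot: the line removed under CVE-2017-9375 is the `{DSA-3920-1}` cross-reference, not a no-dsa entry, and the log message ("remove one qemu no-dsa entry") does not cover it. If the DSA does not address this CVE, say so in the log. After the removal the entry has explicit statuses only for jessie and wheezy, with qemu still `<unfixed>`, so stretch is left open without a triage decision; consider recording one.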
@@ -16876,6 +16874,8 @@
NOT-FOR-US: EvoStream Media Server
CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in ...)
- libpodofo <unfixed> (bug #861566)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: The motivation for no-dsa in wheezy is that there are no known
NOTE: services that use this library (apart from desktop applications)
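Review bot: the new `[stretch]` and `[jessie]` no-dsa lines for CVE-2017-6849 sit above a NOTE that still reads "The motivation for no-dsa in wheezy is that there are no known services that use this library", so the stated rationale covers only wheezy. If the same reasoning applies to stretch and jessie, reword the NOTE so it is not release-specific; if a different reasoning applies, add a NOTE for it. The same wheezy-only NOTE follows the added lines for CVE-2017-6846, CVE-2017-6845 and CVE-2017-6841.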
@@ -16885,17 +16885,22 @@
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861565)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861564)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...)
- libpodofo <unfixed> (bug #861563)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: The motivation for no-dsa in wheezy is that there are no known
NOTE: services that use this library (apart from desktop applications)
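Review bot: CVE-2017-6848 and CVE-2017-6847 are both listed as fixed in `libpodofo 0.9.4-6` with the same upstream commit (1846), yet CVE-2017-6848 gets both a `[stretch]` and a `[jessie]` no-dsa line while CVE-2017-6847 gets only `[jessie]`. One of the two is inconsistent: either stretch still needs the fix, in which case CVE-2017-6847 is missing its `[stretch]` line, or stretch already has it and the `[stretch]` line on CVE-2017-6848 should go. Please check the libpodofo version in stretch and align the two entries.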
@@ -16904,6 +16909,8 @@
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...)
- libpodofo <unfixed> (bug #861562)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: The motivation for no-dsa in wheezy is that there are no known
NOTE: services that use this library (apart from desktop applications)
@@ -16913,12 +16920,14 @@
CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #861561)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861560)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
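Review bot: the added `[jessie] - libpodofo <no-dsa> (Minor issue)` lines for CVE-2017-6844 and CVE-2017-6843 carry no rationale, although the descriptions are "Buffer overflow" and "Heap-based buffer overflow" and both entries reference a DLA ({DLA-929-1}, {DLA-968-1}). A short NOTE explaining why these are treated as minor in jessie, as the unfixed entries do for wheezy, would let a later reader follow the triage decision.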
@@ -16926,12 +16935,15 @@
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861559)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...)
- libpodofo <unfixed> (bug #861558)
+ [stretch] - libpodofo <no-dsa> (Minor issue)
+ [jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: The motivation for no-dsa in wheezy is that there are no known
NOTE: services that use this library (apart from desktop applications)