[Secure-testing-commits] r54309 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Aug 5 07:07:59 UTC 2017
Author: carnil
Date: 2017-08-05 07:07:59 +0000 (Sat, 05 Aug 2017)
New Revision: 54309
Modified:
data/CVE/list
Log:
Mark swftools as unimportant, only CLI tool crashes
There is no actionable information provided by the reporter, which is
quite bad. It was as well only reported against an ancient version. I
assume the issues are still unfixed, but mark them as unimportant.
Furhtermore I directly forwarded the CVEs to upstream, which might be
able to trackle them down.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-05 06:29:08 UTC (rev 54308)
+++ data/CVE/list 2017-08-05 07:07:59 UTC (rev 54309)
@@ -5101,16 +5101,16 @@
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/74
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four year old release
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four year old release
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four year old release
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four year old release
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
NOT-FOR-US: IrfanView
@@ -10851,7 +10851,7 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four year old release
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...)
- lame 3.99.5+repack1-7
More information about the Secure-testing-commits
mailing list