[Secure-testing-commits] r54444 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Aug 8 19:51:38 UTC 2017 

Author: jmm
Date: 2017-08-08 19:51:38 +0000 (Tue, 08 Aug 2017)
New Revision: 54444

Modified:
   data/CVE/list
Log:
new firefox issues
jasper no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-08 18:33:28 UTC (rev 54443)
+++ data/CVE/list	2017-08-08 19:51:38 UTC (rev 54444)
@@ -7311,6 +7311,7 @@
 	RESERVED
 CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...)
 	- jasper <removed>
+	[jessie] - jasper <no-dsa> (Minor issue)
 	NOTE: https://github.com/mdadams/jasper/issues/140
 CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
 	- check-mk <unfixed> (bug #865497)
@@ -13212,70 +13213,109 @@
 	RESERVED
 CVE-2017-7808
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7807
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7806
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7805
 	RESERVED
 CVE-2017-7804
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
+	NOTE: Might be Windows-specific
 CVE-2017-7803
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7802
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7801
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7800
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7799
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7798
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7797
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7796
 	RESERVED
+	- firefox <not-affected> (Windows-specific)
 CVE-2017-7795
 	RESERVED
 CVE-2017-7794
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7793
 	RESERVED
 CVE-2017-7792
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7791
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7790
 	RESERVED
+	- firefox <not-affected> (Windows-specific)
 CVE-2017-7789 [Firefox ignores Strict-Transport-Security when two more STS headers are sent from server]
 	RESERVED
 	- firefox <unfixed> (low)
-	- firefox-esr <unfixed> (low)
-	[stretch] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore)
-	[jessie] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore)
-	[wheezy] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
 CVE-2017-7788
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7787
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7786
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7785
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7784
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7783
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7782
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
+	NOTE: Might be Windows-specific
 CVE-2017-7781
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7780
 	RESERVED
+	- firefox <unfixed>
 CVE-2017-7779
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7778
 	RESERVED
 	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
@@ -13457,6 +13497,8 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
 CVE-2017-7753
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed> 
 CVE-2017-7752
 	RESERVED
 	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
@@ -20379,16 +20421,17 @@
 CVE-2017-5582
 	RESERVED
 CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in ...)
-	- jasper <unfixed>
+	- jasper <removed>
+	[jessie] - jasper <no-dsa> (Minor issue)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
 CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...)
-	- jasper <unfixed> (unimportant)
+	- jasper <removed> (unimportant)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
 	NOTE: Not suitable for code injection, hardly denial of service
 CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...)
-	- jasper <unfixed> (unimportant)
+	- jasper <removed> (unimportant)
 	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
 	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
 	NOTE: Not suitable for code injection, hardly denial of service

More information about the Secure-testing-commits mailing list