[Secure-testing-commits] r54495 - data/CVE

Wed Aug 9 22:52:04 UTC 2017

Author: jmm
Date: 2017-08-09 22:52:04 +0000 (Wed, 09 Aug 2017)
New Revision: 54495

Modified:
   data/CVE/list
Log:
wildmidi no-dsa/not-affected
mame doesn't embed libnodefart in mame (checked jessie and stretch)
jetty no-dsa
mcollective no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-08-09 22:21:21 UTC (rev 54494)
+++ data/CVE/list	2017-08-09 22:52:04 UTC (rev 54495)
@@ -2554,24 +2554,32 @@
 CVE-2017-11664
 	RESERVED
 	- wildmidi <unfixed>
+	[stretch] - wildmidi <no-dsa> (Minor issue)
+	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
 CVE-2017-11663
 	RESERVED
 	- wildmidi <unfixed>
+	[stretch] - wildmidi <no-dsa> (Minor issue)
+	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
 CVE-2017-11662
 	RESERVED
 	- wildmidi <unfixed>
+	[stretch] - wildmidi <no-dsa> (Minor issue)
+	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
 CVE-2017-11661
 	RESERVED
 	- wildmidi <unfixed>
+	[stretch] - wildmidi <no-dsa> (Minor issue)
+	[jessie] - wildmidi <not-affected> (vulnerable code not present)
 	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
 	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
@@ -4265,11 +4273,8 @@
 CVE-2017-11120
 	RESERVED
 CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...)
-	- mame <unfixed>
 	- xine-lib-1.2 <not-affected> (it is built with --disable-nosefart)
 	- xine-lib <not-affected> (it is built with --disable-nosefart)
-	TODO: check
-	NOTE: mame is probably not affected
 CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in ...)
 	NOT-FOR-US: OpenExif
 CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in ...)
@@ -7846,8 +7851,11 @@
 CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
 	{DLA-1021-1 DLA-1020-1}
 	- jetty9 9.2.22-1 (bug #864898)
+	[stretch] - jetty9 <no-dsa> (Minor issue)
 	- jetty8 <removed>
+	[jessie] - jetty8 <no-dsa> (Minor issue)
 	- jetty <removed>
+	[jessie] - jetty <no-dsa> (Minor issue)
 	NOTE: https://github.com/eclipse/jetty.project/issues/1556
 	NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
 	NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
@@ -30189,6 +30197,7 @@
 	RESERVED
 CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
 	- mcollective <unfixed> (bug #866711)
+	[jessie] - mcollective <no-dsa> (Minor issue)
 	NOTE: https://puppet.com/security/cve/cve-2017-2292
 	NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
 CVE-2017-2291
@@ -57174,6 +57183,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
 CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet ...)
 	- mcollective <unfixed> (bug #850968)
+	[jessie] - mcollective <no-dsa> (Minor issue)
 	NOTE: https://puppet.com/security/cve/cve-2016-2788
 	NOTE: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
 CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise 2015.3.x ...)


