[Secure-testing-commits] r54928 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Aug 21 09:00:11 UTC 2017
Author: jmm
Date: 2017-08-21 09:00:11 +0000 (Mon, 21 Aug 2017)
New Revision: 54928
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
NFUs
openjpeg unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-21 08:57:33 UTC (rev 54927)
+++ data/CVE/list 2017-08-21 09:00:11 UTC (rev 54928)
@@ -1,15 +1,15 @@
CVE-2017-12982 [memory allocation failure in opj_aligned_alloc_n (opj_malloc.c)]
- - openjpeg2 <unfixed>
+ - openjpeg2 <unfixed> (unimportant)
NOTE: https://github.com/uclouvain/openjpeg/issues/983
NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
CVE-2017-12975
RESERVED
CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ...)
- TODO: check
+ NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...)
- TODO: check
+ NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
- TODO: check
+ NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12976 [Command injection via malicious ssh URLs]
- git-annex 6.20170818-1
NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-08-21 08:57:33 UTC (rev 54927)
+++ data/dsa-needed.txt 2017-08-21 09:00:11 UTC (rev 54928)
@@ -38,7 +38,7 @@
--
graphicsmagick
--
-imagemagick
+imagemagick (jmm)
wait until more issues have piled up
--
jbig2dec
More information about the Secure-testing-commits
mailing list