[Secure-testing-commits] r55090 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Fri Aug 25 21:19:57 UTC 2017 

Author: hle
Date: 2017-08-25 21:19:56 +0000 (Fri, 25 Aug 2017)
New Revision: 55090

Modified:
   data/CVE/list
Log:
Fix typo in CVE-2017-6419 & CVE-2017-11423 (does not does not have). Mark CVE-2017-9996 <not-affected> in wheezy (Vulnerable code not present).

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-25 21:16:41 UTC (rev 55089)
+++ data/CVE/list	2017-08-25 21:19:56 UTC (rev 55090)
@@ -5990,8 +5990,7 @@
 	NOTE: ClamaV: https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
 	NOTE: ClamAV uses the libmspack system library when available. This is the
 	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
-	NOTE: does not have libmspack and thus need to have the fix as well in the
-	NOTE: src:clamav source package.
+	NOTE: libmspack and thus need to have the fix as well in the src:clamav source package.
 CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's ...)
 	NOT-FOR-US: Statamic
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
@@ -8374,6 +8373,7 @@
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
 	- ffmpeg 7:3.2.5-1
 	- libav <undetermined>
+	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
 CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate ...)
@@ -20968,7 +20968,7 @@
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
 	NOTE: ClamAV uses the libmspack system library when available. This is the
 	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
-	NOTE: does not have libmspack and thus need to have the fix as well in the
+	NOTE: have libmspack and thus need to have the fix as well in the
 	NOTE: src:clamav source package.
 	NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229
 CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...)

More information about the Secure-testing-commits mailing list