[Secure-testing-commits] r55172 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-08-28 21:38:22 +0000 (Mon, 28 Aug 2017)
New Revision: 55172

Modified:
   data/CVE/list
Log:
new libgig issues
new lame issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-28 21:35:32 UTC (rev 55171)
+++ data/CVE/list	2017-08-28 21:38:22 UTC (rev 55172)
@@ -6,7 +6,8 @@
 CVE-2017-13713
 	RESERVED
 CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in ...)
-	TODO: check
+	- lame <unfixed>
+	NOTE: https://sourceforge.net/p/lame/bugs/472/
 CVE-2017-13711
 	RESERVED
 CVE-2017-XXXX [stack-based buffer overflow write in pgxtoimage]
@@ -1656,15 +1657,20 @@
 	- exiv2 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...)
-	TODO: check
+	- libgig <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39
 CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in ...)
-	TODO: check
+	- libgig <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39
 CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote ...)
-	TODO: check
+	- libgig <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39
 CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in ...)
-	TODO: check
+	- libgig <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39
 CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows ...)
-	TODO: check
+	- libgig <unfixed>
+	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39
 CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
 	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
 CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...)