[Secure-testing-commits] r55239 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-08-30 14:45:21 +0000 (Wed, 30 Aug 2017)
New Revision: 55239

Modified:
   data/CVE/list
Log:
Add todo note for libgig issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-30 14:23:33 UTC (rev 55238)
+++ data/CVE/list	2017-08-30 14:45:21 UTC (rev 55239)
@@ -1871,18 +1871,23 @@
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...)
 	- libgig <unfixed> (bug #873718)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
+	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in ...)
 	- libgig <unfixed> (bug #873718)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
+	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote ...)
 	- libgig <unfixed> (bug #873718)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
+	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in ...)
 	- libgig <unfixed> (bug #873718)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
+	TODO: check, seem fixed with 4.0.0-4, but fix uncovers one more problem
 CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows ...)
 	- libgig <unfixed> (bug #873718)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
+	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
 	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
 CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...)