[Secure-testing-commits] r55267 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 30 20:47:34 UTC 2017 

Author: jmm
Date: 2017-08-30 20:47:33 +0000 (Wed, 30 Aug 2017)
New Revision: 55267

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
lame no-dsa
fontforge no-dsa
add simplesamlphp to dsa-needed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-30 20:45:49 UTC (rev 55266)
+++ data/CVE/list	2017-08-30 20:47:33 UTC (rev 55267)
@@ -249,6 +249,8 @@
 	RESERVED
 CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in ...)
 	- lame <unfixed>
+	[stretch] - lame <no-dsa> (Minor issue)
+	[jessie] - lame <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/lame/bugs/472/
 CVE-2017-13711 [Slirp: use-after-free when sending response]
 	RESERVED
@@ -5894,7 +5896,9 @@
 	NOTE: https://github.com/fontforge/fontforge/issues/3090
 	NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
 CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ...)
-	- fontforge <unfixed> (bug #873588)
+	- fontforge <unfixed> (low; bug #873588)
+	[stretch] - fontforge <no-dsa> (Minor issue)
+	[jessie] - fontforge <no-dsa> (Minor issue)
 	NOTE: https://github.com/fontforge/fontforge/issues/3098
 CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
 	{DSA-3958-1 DLA-1065-1}
@@ -5906,7 +5910,9 @@
 	NOTE: https://github.com/fontforge/fontforge/issues/3087
 	NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
 CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc ...)
-	- fontforge <unfixed> (bug #873587)
+	- fontforge <unfixed> (low; bug #873587)
+	[stretch] - fontforge <no-dsa> (Minor issue)
+	[jessie] - fontforge <no-dsa> (Minor issue)
 	NOTE: https://github.com/fontforge/fontforge/issues/3097
 CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
 	{DSA-3958-1 DLA-1065-1}

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-08-30 20:45:49 UTC (rev 55266)
+++ data/dsa-needed.txt	2017-08-30 20:47:33 UTC (rev 55267)
@@ -76,6 +76,8 @@
 --
 qemu/oldstable
 --
+simplesamlphp
+--
 strongswan (corsac)
 --
 tcpdump

More information about the Secure-testing-commits mailing list