[Secure-testing-commits] r55309 - in data: . CVE

Guido Guenther agx at moszumanska.debian.org
Thu Aug 31 11:09:49 UTC 2017


Author: agx
Date: 2017-08-31 11:09:49 +0000 (Thu, 31 Aug 2017)
New Revision: 55309

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
File bugs for tcpdump

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-31 11:09:39 UTC (rev 55308)
+++ data/CVE/list	2017-08-31 11:09:49 UTC (rev 55309)
@@ -6575,13 +6575,13 @@
 CVE-2017-11544
 	REJECTED
 CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
-	- tcpdump <unfixed>
+	- tcpdump <unfixed> (bug #873806)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
 CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print ...)
-	- tcpdump <unfixed>
+	- tcpdump <unfixed> (bug #873805)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
 CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print ...)
-	- tcpdump <unfixed>
+	- tcpdump <unfixed> (bug #873804)
 	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
 CVE-2017-11540 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
 	- imagemagick <not-affected> (Only affects ImageMagick-7 series)
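Review bot: the entries for CVE-2017-11543, CVE-2017-11542 and CVE-2017-11541 now reference bugs #873806, #873805 and #873804, but their only NOTE is still the reproducer URL, so nothing under the CVEs records upstream fix status. The dla-needed.txt text removed in this same revision said that patches for CVE-2017-11541 and CVE-2017-11542 were sent upstream and that upstream master is no longer affected by CVE-2017-11543. Consider carrying that over as NOTE lines under the respective CVEs so the information stays in the tracker once the dla-needed.txt entry is gone.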

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-08-31 11:09:39 UTC (rev 55308)
+++ data/dla-needed.txt	2017-08-31 11:09:49 UTC (rev 55309)
@@ -160,9 +160,8 @@
   NOTE: can be triggered/verified in this version
 --
 tcpdump (Guido Günther)
-  NOTE: new upstream release 4.9.1 fixed CVE-2017-11108
-  NOTE: sent patch for CVE-2017-1154{1,2} upstream, upstream master no longer
-  NOTE: affected by CVE-2017-11543.
+  NOTE: Contacted upstream regarding CVE-2017-11543
+  NOTE: package otherwise ready for upload
 --
 tiff (Roberto C. Sánchez)
 --
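Review bot: the two new NOTE lines in the tcpdump entry drop facts the three removed lines stated: that the 4.9.1 release fixed CVE-2017-11108, that patches for CVE-2017-11541 and CVE-2017-11542 were sent upstream, and that upstream master is no longer affected by CVE-2017-11543. "Contacted upstream regarding CVE-2017-11543" does not say what is being asked of upstream, and "package otherwise ready for upload" does not say which CVEs the prepared upload covers. Suggest naming the CVEs the pending upload fixes and stating the open question on CVE-2017-11543, so that someone else picking up the entry can tell what blocks the upload.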



