[Secure-testing-commits] r58185 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Dec 1 15:44:29 UTC 2017
Author: jmm
Date: 2017-12-01 15:44:29 +0000 (Fri, 01 Dec 2017)
New Revision: 58185
Modified:
data/CVE/list
Log:
wireshark triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-01 15:38:34 UTC (rev 58184)
+++ data/CVE/list 2017-12-01 15:44:29 UTC (rev 58185)
@@ -45,8 +45,8 @@
RESERVED
CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...)
- ffmpeg <unfixed>
+ [stretch] - ffmpeg <postponed> (Can wait for the next 3.2.x release)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
- TODO: check
CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
@@ -6865,6 +6865,8 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an ...)
- wireshark 2.4.2-1 (low)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
NOTE: https://code.wireshark.org/review/23663
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
@@ -11036,6 +11038,8 @@
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP ...)
- wireshark 2.4.1-1
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
@@ -11052,6 +11056,8 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL ...)
- wireshark 2.4.1-1
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html
@@ -18015,6 +18021,7 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML ...)
- wireshark 2.4.0-1 (bug #870180)
+ [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
@@ -18041,6 +18048,8 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...)
- wireshark 2.4.0-1 (bug #870172)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html
@@ -22597,7 +22606,9 @@
CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...)
NOT-FOR-US: Quali CloudShell
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...)
- - wireshark 2.4.0-1 (bug #870175)
+ - wireshark 2.4.0-1 (low; bug #870175)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...)
@@ -23179,9 +23190,13 @@
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
- wireshark 2.4.0-1 (low; bug #870174)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
- wireshark 2.4.0-1 (low; bug #870173)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier ...)
NOT-FOR-US: Cognito Software Moneyworks
@@ -23968,13 +23983,16 @@
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Only affects 2.2.x)
[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...)
@@ -23990,7 +24008,9 @@
NOTE: the related commits from the CVE-2017-11411. Otherwise those releases
NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix.
CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...)
@@ -24001,24 +24021,33 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...)
- wireshark 2.2.7-1 (bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Only affects 2.2.x)
[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...)
- - wireshark 2.2.7-1 (bug #864058)
+ - wireshark 2.2.7-1 (low; bug #864058)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ [jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
CVE-2017-9342
More information about the Secure-testing-commits
mailing list