[Secure-testing-commits] r58265 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Dec 5 09:18:13 UTC 2017 

Author: jmm
Date: 2017-12-05 09:18:13 +0000 (Tue, 05 Dec 2017)
New Revision: 58265

Modified:
   data/CVE/list
Log:
nasm fixed
further wireshark triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-05 09:10:17 UTC (rev 58264)
+++ data/CVE/list	2017-12-05 09:18:13 UTC (rev 58265)
@@ -11398,7 +11398,7 @@
 	NOTE: https://github.com/mdadams/jasper/issues/146
 	NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
 CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
-	- nasm <unfixed> (unimportant; bug #874731)
+	- nasm 2.13.02-0.1 (unimportant; bug #874731)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
 	NOTE: Crash in CLI tool, no securiy impact
 CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in ...)
@@ -12658,6 +12658,8 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
 CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could ...)
 	- wireshark 2.4.1-1
+	[jessie] - wireshark <not-affected> (Vulnerable code not present)
+	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
@@ -19643,7 +19645,8 @@
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
 CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a ...)
-	- wireshark 2.2.0~rc1+g438c022-1
+	- wireshark 2.2.0~rc1+g438c022-1 (low)
+	[jessie] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html
@@ -20690,7 +20693,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
 CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
 	{DLA-1041-1}
-	- nasm <unfixed> (bug #867988)
+	- nasm 2.13.02-0.1 (bug #867988)
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
@@ -21798,7 +21801,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
 CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
 	{DLA-1041-1}
-	- nasm <unfixed> (bug #867988)
+	- nasm 2.13.02-0.1 (bug #867988)
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
@@ -30777,6 +30780,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581
 CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector ...)
 	- wireshark 2.2.6+g32dac6a-1
+	[jessie] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559

More information about the Secure-testing-commits mailing list