[Secure-testing-commits] r58383 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 9 09:35:58 UTC 2017
Author: carnil
Date: 2017-12-09 09:35:58 +0000 (Sat, 09 Dec 2017)
New Revision: 58383
Modified:
data/CVE/list
Log:
Review changes for 9.3 included via stretch-pu
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-09 09:14:28 UTC (rev 58382)
+++ data/CVE/list 2017-12-09 09:35:58 UTC (rev 58383)
@@ -3907,7 +3907,7 @@
RESERVED
CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows ...)
- fig2dev 1:3.2.6a-5 (bug #881143)
- [stretch] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev 1:3.2.6a-2+deb9u1
- transfig <removed>
[jessie] - transfig <no-dsa> (Minor issue)
[wheezy] - transfig <no-dsa> (Minor issue)
@@ -4256,7 +4256,7 @@
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
{DLA-1190-1 DLA-1189-1}
- python2.7 2.7.13-4
- [stretch] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 2.7.13-2+deb9u2
[jessie] - python2.7 <no-dsa> (Minor issue)
- python2.6 <removed>
NOTE: https://bugs.python.org/issue30657
@@ -7163,7 +7163,7 @@
RESERVED
CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
- ruby-ox 2.8.2-1 (bug #881445)
- [stretch] - ruby-ox <no-dsa> (Minor issue)
+ [stretch] - ruby-ox 2.1.1-2+deb9u1
[jessie] - ruby-ox <no-dsa> (Minor issue)
NOTE: https://github.com/ohler55/ox/issues/194
NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
@@ -9408,7 +9408,7 @@
CVE-2017-15094 [Memory leak in DNSSEC parsing]
RESERVED
- pdns-recursor 4.0.7-1
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
@@ -9416,7 +9416,7 @@
CVE-2017-15093 [Configuration file injection in the API]
RESERVED
- pdns-recursor 4.0.7-1
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <no-dsa> (Minor issue)
[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
@@ -9424,7 +9424,7 @@
CVE-2017-15092 [Cross-Site Scripting in the web interface]
RESERVED
- pdns-recursor 4.0.7-1
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
@@ -9432,7 +9432,7 @@
CVE-2017-15091 [Missing check on API operations]
RESERVED
- pdns 4.0.5-1
- [stretch] - pdns <no-dsa> (Minor issue)
+ [stretch] - pdns 4.0.3-1+deb9u2
[jessie] - pdns <no-dsa> (Minor issue)
[wheezy] - pdns <not-affected> (Vulnerable code not present)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
@@ -9440,7 +9440,7 @@
CVE-2017-15090 [Insufficient validation of DNSSEC signatures]
RESERVED
- pdns-recursor 4.0.7-1
- [stretch] - pdns-recursor <no-dsa> (Minor issue)
+ [stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
@@ -9957,7 +9957,7 @@
NOT-FOR-US: HikVision
CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...)
- icu 57.1-7 (bug #878840)
- [stretch] - icu <postponed> (Should be fixed along in future update)
+ [stretch] - icu 57.1-6+deb9u1
[jessie] - icu <postponed> (Should be fixed along in future update)
[wheezy] - icu <postponed> (Can be fixed in next update)
NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
@@ -10578,7 +10578,7 @@
CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...)
{DLA-1192-1}
- libofx 1:0.9.11-5 (bug #877442)
- [stretch] - libofx <no-dsa> (Minor issue)
+ [stretch] - libofx 1:0.9.10-2+deb9u1
[jessie] - libofx <no-dsa> (Minor issue)
NOTE: https://github.com/libofx/libofx/issues/10
NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
@@ -10644,7 +10644,7 @@
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
{DLA-1111-1}
- weechat 1.9.1-1 (bug #876553)
- [stretch] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
+ [stretch] - weechat 1.6-1+deb9u2
[jessie] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...)
@@ -13413,48 +13413,48 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485274
CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484338
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the function ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484335
CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484332
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/af5791ea792acc0a9707738001aa1df3daff7a66
CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299
NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in ...)
- liblouis 3.3.0-1 (low; bug #874302)
- [stretch] - liblouis <no-dsa> (Minor issue)
+ [stretch] - liblouis 3.0.0-3+deb9u1
[jessie] - liblouis <no-dsa> (Minor issue)
[wheezy] - liblouis <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
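Review bot: CVE-2017-13743 and CVE-2017-13738 are marked fixed in 3.0.0-3+deb9u1 here, but unlike the other five liblouis entries in this hunk they carry only a Red Hat Bugzilla NOTE and no reference to a fix commit. Someone auditing the stretch upload cannot tell from the tracker which patch closed them. Suggest adding a NOTE with the upstream commit for each of the two. The "Proposed fix via pull request" NOTEs on the remaining entries could also be reworded now that a fixed version is recorded against them.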
@@ -13640,7 +13640,7 @@
NOT-FOR-US: Lansweeper
CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
- [stretch] - flightgear <no-dsa> (Minor issue)
+ [stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
[jessie] - flightgear <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
CVE-2017-13705
@@ -21640,7 +21640,7 @@
CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through ...)
{DLA-1018-1}
- sqlite3 3.19.3-3 (bug #867618)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [stretch] - sqlite3 3.16.2-5+deb9u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
NOTE: https://sqlite.org/src/info/66de6f4a
@@ -46962,7 +46962,7 @@
CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
{DLA-1192-1}
- libofx 1:0.9.11-4 (bug #875801)
- [stretch] - libofx <no-dsa> (Minor issue)
+ [stretch] - libofx 1:0.9.10-2+deb9u1
[jessie] - libofx <no-dsa> (Minor issue)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
@@ -46981,7 +46981,7 @@
RESERVED
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
- python-tablib 0.9.11-3 (bug #864818)
- [stretch] - python-tablib <no-dsa> (Minor issue)
+ [stretch] - python-tablib 0.9.11-2+deb8u1
[jessie] - python-tablib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
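Review bot: the new [stretch] line for CVE-2017-2810 records python-tablib 0.9.11-2+deb8u1, the only fixed version in this commit with a +deb8 suffix; every other stretch entry uses +deb9uN, and the [jessie] line directly below is left at <no-dsa>. If that string is the version that was really accepted through stretch-pu, add a NOTE saying the suffix is intentional so it is not later mistaken for a jessie upload; otherwise correct it to the +deb9u form before version comparisons in the tracker rely on it.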