[Secure-testing-commits] r58396 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Dec 9 16:07:59 UTC 2017
Author: jmm
Date: 2017-12-09 16:07:59 +0000 (Sat, 09 Dec 2017)
New Revision: 58396
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
stable triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-09 15:42:23 UTC (rev 58395)
+++ data/CVE/list 2017-12-09 16:07:59 UTC (rev 58396)
@@ -2289,6 +2289,8 @@
RESERVED
CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...)
- yard 0.9.12-1
+ [stretch] - yard <no-dsa> (Minor issue)
+ [jessie] - yard <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 (0.9.11)
CVE-2017-17041
RESERVED
@@ -4170,12 +4172,16 @@
NOT-FOR-US: I, Librarian
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...)
- ldns <unfixed> (bug #882014)
+ [stretch] - ldns <no-dsa> (Minor issue)
+ [jessie] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns <not-affected> (Vulnerable code not present)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
{DLA-1182-1}
- ldns <unfixed> (bug #882015)
+ [stretch] - ldns <no-dsa> (Minor issue)
+ [jessie] - ldns <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
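Review bot: In the CVE-2017-1000231 entry the new [stretch] and [jessie] lines defer the double-free as <no-dsa> (Minor issue), yet the same entry carries {DLA-1182-1}, so the issue was considered worth an advisory elsewhere. Both ldns entries are also still <unfixed> in unstable although their NOTE lines link upstream commits. Consider recording, in the reason or in a NOTE, why stable and oldstable are treated differently from the release covered by the DLA.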
@@ -4967,6 +4973,8 @@
NOTE: OTRS 3.3: https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce
CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...)
- backintime <unfixed> (bug #881205)
+ [stretch] - backintime <no-dsa> (Minor issue)
+ [jessie] - backintime <no-dsa> (Minor issue)
[wheezy] - backintime <not-affected> (Vulnerable code does not exist)
NOTE: https://github.com/bit-team/backintime/issues/834
NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
@@ -8560,7 +8568,9 @@
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the ...)
NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant ...)
- - suricata 1:4.0.0-1
+ - suricata 1:4.0.0-1 (low)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ [jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
NOTE: https://redmine.openinfosecfoundation.org/issues/2231
CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require ...)
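Review bot: The rewritten unstable line for CVE-2017-15377 now carries the urgency "(low)", a severity change that rides along in a commit logged only as "stable triage". A NOTE stating the basis for the low rating would make the two <no-dsa> (Minor issue) lines below it easier to review, or the urgency change could go in its own commit.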
@@ -10564,6 +10574,8 @@
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
{DLA-1125-1}
- botan1.10 1.10.17-0.1 (bug #877436)
+ [stretch] - botan1.10 <no-dsa> (Minor issue)
+ [jessie] - botan1.10 <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/issues/1222
NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
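Review bot: The [stretch] and [jessie] lines for CVE-2017-14737 mark an RSA cache side channel as <no-dsa> (Minor issue), while the last NOTE links an upstream commit made for the 1.10 branch and the entry already lists {DLA-1125-1}. Since a backport exists, the reason could say whether a fix through a stable point release is intended, so the entry does not read as a permanent deferral.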
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-12-09 15:42:23 UTC (rev 58395)
+++ data/dsa-needed.txt 2017-12-09 16:07:59 UTC (rev 58396)
@@ -14,6 +14,8 @@
--
389-ds-base (fw)
--
+asterisk
+--
chromium-browser
--
firefox-esr (jmm)
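Review bot: The added asterisk entry has no claimant and no note line, and none of the data/CVE/list hunks in this revision touch an asterisk CVE, so the commit gives no pointer to what the DSA is needed for. A one-line note under the entry naming the CVE ids would help whoever picks it up.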
@@ -46,6 +48,8 @@
--
phpmyadmin/oldstable
--
+pjproject
+--
poppler
2017-11-23: santiago will prepare a debdiff
2017-12-02: santiago prepared debdiffs available for review
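Review bot: pjproject is added without a release suffix, directly after phpmyadmin/oldstable, which uses one to limit the entry to oldstable. If only one of stable and oldstable needs the update, add the suffix; if both do, the entry is fine as written, though a note naming the issues would help here as well.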