[Secure-testing-commits] r58515 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Dec 13 18:44:00 UTC 2017 

Author: jmm
Date: 2017-12-13 18:44:00 +0000 (Wed, 13 Dec 2017)
New Revision: 58515

Modified:
   data/CVE/list
Log:
aubio no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-13 18:03:58 UTC (rev 58514)
+++ data/CVE/list	2017-12-13 18:44:00 UTC (rev 58515)
@@ -32,13 +32,17 @@
 CVE-2017-17556
 	RESERVED
 CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg ...)
-	- aubio <unfixed> (bug #884232)
+	- aubio <unfixed> (low; bug #884232)
+	[stretch] - aubio <no-dsa> (Minor issue)
+	[jessie] - aubio <no-dsa> (Minor issue)
 	[wheezy] - aubio <no-dsa> (Minor issue)
 	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
 	NOTE: aubio initializes libswresample with 2 channels and then passes data
 	NOTE: that contains just one channel. Not an issue in src:ffmpeg.
 CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the ...)
 	- aubio <unfixed> (low; bug #884237)
+	[stretch] - aubio <no-dsa> (Minor issue)
+	[jessie] - aubio <no-dsa> (Minor issue)
 	[wheezy] - aubio <no-dsa> (Minor issue)
 	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md
 CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...)
@@ -20071,9 +20075,6 @@
 	- tiff <unfixed> (bug #869823)
 	- tiff3 <removed>
 	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
-	NOTE: Red Hat marked this NOTABUG: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
-	NOTE: NOTABUG in RHEL context only means in most cases that Red Hat does not intent
-	NOTE: to address this issue.
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2762
 CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
 	NOT-FOR-US: Joomla!

More information about the Secure-testing-commits mailing list