[Secure-testing-commits] r58536 - in data: . CVE

Wed Dec 13 21:16:36 UTC 2017

Author: jmm
Date: 2017-12-13 21:16:36 +0000 (Wed, 13 Dec 2017)
New Revision: 58536

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
stable triage


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-12-13 21:15:58 UTC (rev 58535)
+++ data/CVE/list	2017-12-13 21:16:36 UTC (rev 58536)
@@ -461,9 +461,8 @@
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
 CVE-2017-17497 (In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows ...)
 	- tidy-html5 <unfixed>
-	- tidy <removed>
+	- tidy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/htacg/tidy-html5/issues/656
-	TODO: check
 CVE-2017-17496 (The socket_create function in socket.c in idevicerestore through ...)
 	TODO: check
 CVE-2017-17495
@@ -3382,7 +3381,9 @@
 	NOT-FOR-US: Swagger-Parser
 CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This ...)
 	{DLA-1204-1}
-	- evince 3.25.92-1
+	- evince 3.25.92-1 (low)
+	[stretch] - evince <no-dsa> (Minor issue)
+	[jessie] - evince <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
 	NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
 	NOTE: Fixed by: https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e (3.25.91)
@@ -44410,6 +44411,7 @@
 	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
 CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error ...)
 	- openssl 1.1.0b-2
+	[jessie] - openssl <postponed> (Can be fixed with next OpenSSL advisory round)
 	- openssl1.0 <unfixed>
 	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
 	NOTE: thus mark as fixed in the firs 1.1.0 version which entered unstable.

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-12-13 21:15:58 UTC (rev 58535)
+++ data/dsa-needed.txt	2017-12-13 21:16:36 UTC (rev 58536)
@@ -16,6 +16,8 @@
 --
 asterisk
 --
+bouncycastle
+--
 graphicsmagick
 --
 libav/oldstable
@@ -25,6 +27,8 @@
 --
 libvpx/oldstable
 --
+libxml2
+--
 linux
   Wait until more issues have piled up
 --
@@ -54,7 +58,7 @@
 --
 qemu/oldstable
 --
-redmine/stable
+redmine
   oldstable also affected, but might be worth EOLing
 --
 ruby2.1/oldstable
@@ -78,7 +82,7 @@
 --
 wordpress
 --
-xen/oldstable
+xen
 --
 zendframework/oldstable
 --


