[Secure-testing-commits] r58931 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Dec 26 11:47:32 UTC 2017
Author: jmm
Date: 2017-12-26 11:47:32 +0000 (Tue, 26 Dec 2017)
New Revision: 58931
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
stable triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-26 11:01:16 UTC (rev 58930)
+++ data/CVE/list 2017-12-26 11:47:32 UTC (rev 58931)
@@ -669,7 +669,8 @@
NOT-FOR-US: wp-concours plugin for WordPress
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...)
- ruby-net-ldap <unfixed> (bug #884693)
- [jessie] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
+ [stretch] - ruby-net-ldap <no-dsa> (Minor issue)
+ [jessie] - ruby-net-ldap <not-affected> (Documentation already states that there is no validation)
[wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
NOTE: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
NOTE: Versions < 0.10 properly acknowledge in their documentation the lack of any SSL
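Review bot: the [jessie] line moves to <not-affected> while the unchanged [wheezy] line directly below keeps <ignored> with essentially the same justification (the documentation says there is no validation), so two releases now carry different states for one rationale. If documented absence of validation means not affected, the wheezy entry should get the same state in this commit. Otherwise the jessie note should say what differs. The new [stretch] <no-dsa> (Minor issue) line would also be easier to audit with a reason that ties it to the NOTE about versions < 0.10.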
@@ -5578,8 +5579,7 @@
- postbooks <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings ...)
- - swi-prolog <unfixed>
- [wheezy] - swi-prolog <no-dsa> (Minor Issue)
+ - swi-prolog <unfixed> (unimportant)
NOTE: https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
NOTE: In wheezy it is technically possible to trigger an argument injection
NOTE: vulnerability however it is quoted in an unusual way which makes it highly
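Review bot: the switch to "- swi-prolog <unfixed> (unimportant)" drops the only per-release line, yet the NOTE lines kept as context still describe wheezy as technically open to argument injection, and nothing in the entry states why the issue is unimportant for every release. Add a NOTE giving the reason for the unimportant classification so the entry does not read as contradicting its own wheezy remark.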
@@ -15225,6 +15225,8 @@
CVE-2017-15124 [memory exhaustion through framebuffer update request message in VNC server]
RESERVED
- qemu <unfixed> (bug #884806)
+ [stretch] - qemu <postponed> (Can be fixed along in later update)
+ [jessie] - qemu <postponed> (Can be fixed along in later update)
[wheezy] - qemu <postponed> (Can be fixed along in later update)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
@@ -20823,6 +20825,7 @@
NOT-FOR-US: libbpg
CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...)
- x265 <unfixed>
+ [stretch] - x265 <no-dsa> (Minor issue)
NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1
NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135
NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
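Review bot: the added [stretch] <no-dsa> (Minor issue) line sits under "- x265 <unfixed>", which carries no bug reference, unlike the ruby-net-ldap and qemu entries touched in this same commit. With a no-dsa decision and an upstream fix commit already linked in the NOTE lines, a bug reference on the unfixed line would keep the fix tracked for unstable and for a later stable update.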
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-12-26 11:01:16 UTC (rev 58930)
+++ data/dsa-needed.txt 2017-12-26 11:47:32 UTC (rev 58931)
@@ -16,6 +16,8 @@
--
asterisk
--
+chromium-browser/stable
+--
gimp (carnil)
--
graphicsmagick