[Secure-testing-commits] r48662 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Feb 2 10:46:39 UTC 2017
Author: jmm
Date: 2017-02-02 10:46:39 +0000 (Thu, 02 Feb 2017)
New Revision: 48662
Modified:
data/CVE/list
Log:
new mp3splt non-issue
NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-02 09:10:34 UTC (rev 48661)
+++ data/CVE/list 2017-02-02 10:46:39 UTC (rev 48662)
@@ -1,3 +1,9 @@
+CVE-2017-5681 [mp3splt: NULL pointer dereference in free_options]
+ RESERVED
+ - mp3splt <unfixed> (unimportant)
+ NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options
+ NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c
+ NOTE: No security impact, crash in CLI tool
CVE-2017-5679
RESERVED
CVE-2017-5678
@@ -6,20 +12,24 @@
RESERVED
CVE-2017-5676
RESERVED
-CVE-2017-5857
+CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref]
- qemu <unfixed>
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21c
-CVE-2017-5856
+CVE-2017-5856 [Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd]
- qemu <unfixed>
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
- qemu-kvm <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
+CVE-2016-10193
+ NOT-FOR-US: espeak-ruby Ruby gem
+CVE-2016-10194
+ NOT-FOR-US: festivaltts4r
CVE-2015-8981
NOT-FOR-US: podofo
CVE-2017-5855
More information about the Secure-testing-commits
mailing list