[Secure-testing-commits] r48742 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Feb 6 22:13:15 UTC 2017
Author: jmm
Date: 2017-02-06 22:13:14 +0000 (Mon, 06 Feb 2017)
New Revision: 48742
Modified:
data/CVE/list
Log:
one libbpg/ffmpeg issue a duplicate
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-06 22:10:59 UTC (rev 48741)
+++ data/CVE/list 2017-02-06 22:13:14 UTC (rev 48742)
@@ -74,11 +74,11 @@
NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/20170204121312.lq26ge6osbiuwnjo%40mapreri.org/#msg35646469
CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-5875 (XSS was discovered in dotCMS 3.7.0, with an authenticated attack ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2017-5874
RESERVED
CVE-2017-5873
@@ -27351,9 +27351,7 @@
CVE-2016-5638
RESERVED
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
- - ffmpeg <undetermined>
- NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
- NOTE: https://www.kb.cert.org/vuls/id/123799
+ NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to remote code ...)
TODO: check
CVE-2016-5727
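Review bot: The CVE-2016-5637 entry loses its only package line (`- ffmpeg <undetermined>`) and its only reference (`NOTE: https://www.kb.cert.org/vuls/id/123799`), while the replacement NOTE rates the duplicate as only "very likely". With no package line left, nothing in the entry records that the libbpg code embedded in ffmpeg was ever in question, and this diff does not show that CVE-2016-8710 is tracked against ffmpeg. Suggest keeping the kb.cert.org NOTE so the duplicate assessment can be rechecked later. Also either keep the ffmpeg line until the duplicate is confirmed, or add a NOTE that ffmpeg is covered under CVE-2016-8710.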