[Secure-testing-commits] r48507 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Jan 28 23:22:45 UTC 2017
Author: jmm
Date: 2017-01-28 23:22:45 +0000 (Sat, 28 Jan 2017)
New Revision: 48507
Modified:
data/CVE/list
Log:
cgiemail CVEfied
one further jasper issue unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-28 22:30:05 UTC (rev 48506)
+++ data/CVE/list 2017-01-28 23:22:45 UTC (rev 48507)
@@ -293,18 +293,18 @@
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
-CVE-2017-XXXX [Reflected XSS vulnerability]
+CVE-2017-5616 [Reflected XSS vulnerability]
- cgiemail <removed> (bug #852031)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6
-CVE-2017-XXXX [SEC-215 HTTP header injection]
+ NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5615 [SEC-215 HTTP header injection]
- cgiemail <removed> (bug #852031)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6
-CVE-2017-XXXX [SEC-214 Open redirect]
+ NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5614 [SEC-214 Open redirect]
- cgiemail <removed> (bug #852031)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6
-CVE-2017-XXXX [SEC-212 Format string injection]
+ NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5613 [SEC-212 Format string injection]
- cgiemail <removed> (bug #852031)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/20/6
+ NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2016-10155 [watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb; CVE for the memory consumption issue, not an information disclosure issue]
RESERVED
- qemu 1:2.8+dfsg-2 (bug #852232)
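Review bot: On the four cgiemail entries, the NOTE loses its "CVE Request:" label but still points at the request message (oss-security 2017/01/20/6), so nothing in the entry records where CVE-2017-5613 through CVE-2017-5616 were assigned. If the assignment came in a reply on that thread, add a NOTE linking that message, so the mapping of IDs to issues (5616, 5615, 5614, 5613 from top to bottom) can be checked against the source. The "Reflected XSS vulnerability" entry is also the only one of the four without a SEC- number, which makes it the hardest to match.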
@@ -855,14 +855,17 @@
NOTE: https://github.com/mdadams/jasper/issues/90
CVE-2017-5502
RESERVED
- - jasper <removed>
+ - jasper <removed> (unimportant)
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/76
+ NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5501
RESERVED
- jasper <removed>
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/70
CVE-2017-5500
RESERVED
- jasper <removed> (unimportant)
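Review bot: On CVE-2017-5502, the NOTE added to justify the new "(unimportant)" tag states the conclusion ("Not suitable for code injection, hardly denial of service") without naming the bug class. The reproducer name and the linked blog post suggest a left-shift finding from UBSan; saying so in the NOTE would let a later reader judge the triage without opening the links. CVE-2017-5501 gains only the upstream issue link and stays untagged; if it was reviewed and deliberately left at normal severity, a short NOTE saying so would distinguish that from an entry not yet triaged.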