[Secure-testing-commits] r53172 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jul 4 21:34:59 UTC 2017


Author: jmm
Date: 2017-07-04 21:34:59 +0000 (Tue, 04 Jul 2017)
New Revision: 53172

Modified:
   data/CVE/list
Log:
new linux issue
gnuplot non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-04 21:19:20 UTC (rev 53171)
+++ data/CVE/list	2017-07-04 21:34:59 UTC (rev 53172)
@@ -199,7 +199,7 @@
 CVE-2017-10811
 	RESERVED
 CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
-	TODO: check
+	- linux <unfixed> (low)
 CVE-2017-10809
 	RESERVED
 CVE-2017-10808
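Review bot: The new "- linux <unfixed> (low)" line for CVE-2017-10810 carries no NOTE with an upstream reference, so nothing in the entry says where the virtio_gpu_object_create leak is reported or fixed. Consider adding a NOTE line with the upstream report or fix URL, plus an "Introduced by:" note if it is known, in the style of the CVE-2017-9670 entry further down, so the fixed version and the status of older suites can be filled in later.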
@@ -2834,17 +2834,17 @@
 	RESERVED
 	NOT-FOR-US: apk (Alpine's package manager)
 CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
-	- gnuplot 5.0.5+dfsg1-7 (bug #864901)
-	[stretch] - gnuplot <no-dsa> (Minor issue)
+	- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
 	[jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
 	[wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
-	- gnuplot5 <removed> (bug #864903)
+	- gnuplot5 <removed> (unimportant; bug #864903)
 	[jessie] - gnuplot5 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
 	NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
 	NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
 	NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
+	NOTE: Crash in a CLI tool, no security impact
 CVE-2017-9669
 	RESERVED
 	NOT-FOR-US: apk (Alpine's package manager)
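Review bot: The added NOTE "Crash in a CLI tool, no security impact" at the end of the CVE-2017-9670 entry states the conclusion but not its basis, while the description on the entry is an uninitialized stack variable in load_tic_series(). Consider naming in the note which of the references already listed (the upstream bug or the bugzilla.novell.com comment) supports the crash-only assessment, so the "unimportant" rating now set on both gnuplot and gnuplot5 can be rechecked later. Dropping the "[stretch] - gnuplot <no-dsa>" line is consistent with that rating.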



