[Secure-testing-commits] r53172 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jul 4 21:34:59 UTC 2017
Author: jmm
Date: 2017-07-04 21:34:59 +0000 (Tue, 04 Jul 2017)
New Revision: 53172
Modified:
data/CVE/list
Log:
new linux issue
gnuplot non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-04 21:19:20 UTC (rev 53171)
+++ data/CVE/list 2017-07-04 21:34:59 UTC (rev 53172)
@@ -199,7 +199,7 @@
CVE-2017-10811
RESERVED
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
- TODO: check
+ - linux <unfixed> (low)
CVE-2017-10809
RESERVED
CVE-2017-10808
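Review bot: The new `- linux <unfixed> (low)` line under CVE-2017-10810 replaces the TODO without any accompanying NOTE, so the entry records a status and an urgency but no reference a later triager could use to confirm which releases carry virtio_gpu_object_create or when a fix lands. The gnuplot entry further down in this same file keeps "Fixed by:" and "Introduced by:" NOTE lines; adding the equivalent upstream reference here once it is known would let the per-release status be filled in without redoing the analysis.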
@@ -2834,17 +2834,17 @@
RESERVED
NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
- - gnuplot 5.0.5+dfsg1-7 (bug #864901)
- [stretch] - gnuplot <no-dsa> (Minor issue)
+ - gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
[jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
[wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
- - gnuplot5 <removed> (bug #864903)
+ - gnuplot5 <removed> (unimportant; bug #864903)
[jessie] - gnuplot5 <not-affected> (Vulnerable code introduced later)
NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
+ NOTE: Crash in a CLI tool, no security impact
CVE-2017-9669
RESERVED
NOT-FOR-US: apk (Alpine's package manager)
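Review bot: The added `NOTE: Crash in a CLI tool, no security impact` at the end of the CVE-2017-9670 block is the only justification for switching both package lines to `unimportant` and dropping the `[stretch] - gnuplot <no-dsa> (Minor issue)` line, yet it does not say why the uninitialized stack variable in load_tic_series() is limited to a crash. Since the entry already links the upstream bug and the bugzilla comment, the NOTE could name which of those supports the crash-only assessment, so the downgrade can be rechecked without re-reading every reference.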