[Secure-testing-commits] r53361 - in data: . CVE

Thorsten Alteholz alteholz at moszumanska.debian.org
Mon Jul 10 14:05:43 UTC 2017


Author: alteholz
Date: 2017-07-10 14:05:43 +0000 (Mon, 10 Jul 2017)
New Revision: 53361

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
ark CVE-2017-9847 as not-affected for Wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-10 13:56:42 UTC (rev 53360)
+++ data/CVE/list	2017-07-10 14:05:43 UTC (rev 53361)
@@ -1641,6 +1641,7 @@
 	NOT-FOR-US: Easysite
 CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...)
 	- libtorrent-rasterbar <unfixed> (bug #865845)
+	[wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced in 1.1.0; vulnerable code not present)
 	NOTE: https://github.com/arvidn/libtorrent/issues/2099
 	NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
 CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-07-10 13:56:42 UTC (rev 53360)
+++ data/dla-needed.txt	2017-07-10 14:05:43 UTC (rev 53361)
@@ -86,9 +86,6 @@
 libtasn1-3 (Thorsten Alteholz)
   NOTE: 20170702, no upstream fix yet
 --
-libtorrent-rasterbar (Thorsten Alteholz)
-  NOTE: 20170702 sent email to maintainer
---
 libxml-libxml-perl
   NOTE: 20170702, no upstream fix yet, so no need to bother maintainer yet, sent email later
 --




More information about the Secure-testing-commits mailing list