[Secure-testing-commits] r53366 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Jul 10 21:21:15 UTC 2017 

Author: jmm
Date: 2017-07-10 21:21:15 +0000 (Mon, 10 Jul 2017)
New Revision: 53366

Modified:
   data/CVE/list
Log:
qemu, nasm, openvswitch no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-10 21:20:54 UTC (rev 53365)
+++ data/CVE/list	2017-07-10 21:21:15 UTC (rev 53366)
@@ -287,6 +287,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
 CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
 	- nasm <unfixed>
+	[stretch] - nasm <no-dsa> (Minor issue)
+	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
 CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers ...)
 	- catdoc <unfixed> (bug #867717)
@@ -1271,6 +1273,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
 CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
 	- nasm <unfixed>
+	[stretch] - nasm <no-dsa> (Minor issue)
+	[jessie] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
 CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entry ...)
 	- ncurses 6.0+20170701-1
@@ -1346,6 +1350,8 @@
 CVE-2017-10664 [qemu-nbd: server breaks with SIGPIPE upon client abort]
 	RESERVED
 	- qemu <unfixed> (bug #866674)
+	[stretch] - qemu <no-dsa> (Minor issue)
+	[jessie] - qemu <no-dsa> (Minor issue)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
 	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
@@ -5103,6 +5109,7 @@
 	RESERVED
 CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
 	- openvswitch <unfixed> (bug #863228)
+	[jessie] - openvswitch <no-dsa> (Minor issue)
 	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
 	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
 	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html

More information about the Secure-testing-commits mailing list