[Secure-testing-commits] r53440 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jul 13 09:03:34 UTC 2017
Author: jmm
Date: 2017-07-13 09:03:34 +0000 (Thu, 13 Jul 2017)
New Revision: 53440
Modified:
data/CVE/list
Log:
new libsndfile issue
old markdown-it issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-13 08:13:28 UTC (rev 53439)
+++ data/CVE/list 2017-07-13 09:03:34 UTC (rev 53440)
@@ -1,3 +1,6 @@
+CVE-2017-XXXX [libsndfile binheader overflow]
+ - libsndfile 1.0.28-3
+ NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
NOT-FOR-US: Pulse Connect Secure
CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The ...)
@@ -76965,7 +76968,7 @@
CVE-2015-3296
RESERVED
CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
- TODO: check
+ - ruby-rails-assets-markdown-it 4.2.1-1
CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...)
{DSA-3251-1 DLA-225-1}
- dnsmasq 2.72-3.1 (bug #783459)
More information about the Secure-testing-commits
mailing list