[Secure-testing-commits] r53783 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 22 08:22:24 UTC 2017
Author: carnil
Date: 2017-07-22 08:22:24 +0000 (Sat, 22 Jul 2017)
New Revision: 53783
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Record fixes for stretch point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-22 08:00:06 UTC (rev 53782)
+++ data/CVE/list 2017-07-22 08:22:24 UTC (rev 53783)
@@ -559,7 +559,7 @@
RESERVED
CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt ...)
- libopenmpt 0.2.8461~beta26-1 (bug #867579)
- [stretch] - libopenmpt <no-dsa> (Scheduled for point release)
+ [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick ...)
- imagemagick <not-affected> (Vulnerable code not present, Only affects ImageMagick-7)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
@@ -2373,7 +2373,7 @@
RESERVED
CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf ...)
- dwarfutils 20170416-3 (bug #866968)
- [stretch] - dwarfutils <no-dsa> (Minor issue)
+ [stretch] - dwarfutils 20161124-1+deb9u1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
@@ -2907,7 +2907,7 @@
RESERVED
CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...)
- phpunit 5.4.6-2 (bug #866200)
- [stretch] - phpunit <no-dsa> (Can be fixed via a point release, Minor issue; not to be used exposed on production servers)
+ [stretch] - phpunit 5.4.6-2~deb9u1
[jessie] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
[wheezy] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
NOTE: https://github.com/sebastianbergmann/phpunit/pull/1956
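Review bot: The replaced [stretch] line under CVE-2017-9841 was the only place recording the exposure caveat ("not to be used exposed on production servers"), and it is dropped together with the <no-dsa> tag. Consider keeping it as a NOTE: line on the entry so the rationale stays visible for hosts that have not yet installed phpunit 5.4.6-2~deb9u1.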
@@ -4444,10 +4444,10 @@
CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as ...)
{DLA-1014-1 DLA-1003-1}
- unrar-nonfree 1:5.5.5-1 (bug #865461)
- [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
- libclamunrar 0.99-4 (bug #867223)
- [stretch] - libclamunrar <no-dsa> (Non-free not supported)
+ [stretch] - libclamunrar 0.99-3+deb9u1
[jessie] - libclamunrar <no-dsa> (Non-free not supported)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
@@ -4547,7 +4547,7 @@
CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for ...)
{DLA-998-1}
- c-ares 1.12.0-4 (bug #865360)
- [stretch] - c-ares <no-dsa> (Minor issue)
+ [stretch] - c-ares 1.12.0-1+deb9u1
[jessie] - c-ares <no-dsa> (Minor issue)
NOTE: https://c-ares.haxx.se/adv_20170620.html
NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
@@ -4891,6 +4891,7 @@
NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
+ [stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
[jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
[wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
- gnuplot5 <removed> (unimportant; bug #864903)
@@ -5452,7 +5453,7 @@
RESERVED
CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in ...)
- systemd 233-10 (bug #866147)
- [stretch] - systemd <no-dsa> (Minor issue, systemd-resolved not enabled by default)
+ [stretch] - systemd 232-25+deb9u1
[jessie] - systemd <not-affected> (Vulnerable code not present)
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
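Review bot: Missing documentation on the CVE-2017-9445 entry: replacing the [stretch] <no-dsa> line removes the statement that systemd-resolved is not enabled by default, which is the condition that scoped this issue as minor. A NOTE: line carrying that condition, next to the existing "Introduced by" reference, would preserve it alongside the fixed version 232-25+deb9u1.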
@@ -6603,31 +6604,31 @@
NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9128 (The quicktime_video_width function in lqt_quicktime.c in libquicktime ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9127 (The quicktime_user_atoms_read_atom function in useratoms.c in ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9126 (The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9125 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9124 (The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9123 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows ...)
- libquicktime 2:1.2.4-11 (low; bug #864664)
- [stretch] - libquicktime <no-dsa> (Minor issue)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9121
RESERVED
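Review bot: CVE-2017-9126 is marked fixed in libquicktime 2:1.2.4-10+deb9u1 in this hunk, but the data/next-point-update.txt hunk of the same commit removes entries only for CVE-2017-9128, -9127, -9125, -9124, -9123 and -9122, with no CVE-2017-9126 line among them. Please confirm against the stretch upload that it covers CVE-2017-9126, or leave that one entry as <no-dsa> until it is verified.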
@@ -6808,25 +6809,25 @@
RESERVED
CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf ...)
- dwarfutils 20170416-2 (bug #864064)
- [stretch] - dwarfutils <no-dsa> (Minor issue)
+ [stretch] - dwarfutils 20161124-1+deb9u1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf ...)
- dwarfutils 20170416-2 (bug #864064)
- [stretch] - dwarfutils <no-dsa> (Minor issue)
+ [stretch] - dwarfutils 20161124-1+deb9u1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf ...)
- dwarfutils 20170416-2 (bug #864064)
- [stretch] - dwarfutils <no-dsa> (Minor issue)
+ [stretch] - dwarfutils 20161124-1+deb9u1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf ...)
- dwarfutils 20170416-2 (bug #864064)
- [stretch] - dwarfutils <no-dsa> (Minor issue)
+ [stretch] - dwarfutils 20161124-1+deb9u1
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
@@ -11431,7 +11432,7 @@
CVE-2017-7480 [File download via http might lead to RCE]
RESERVED
- rkhunter 1.4.4-1 (bug #866677)
- [stretch] - rkhunter <no-dsa> (Minor issue)
+ [stretch] - rkhunter 1.4.2-6+deb9u1
[jessie] - rkhunter <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2017-07-22 08:00:06 UTC (rev 53782)
+++ data/next-point-update.txt 2017-07-22 08:22:24 UTC (rev 53783)
@@ -1,14 +1,3 @@
-CVE-2017-9670
- [stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
-CVE-2017-9841
- [stretch] - phpunit 5.4.6-2~deb9u1
-CVE-2012-6706
- [stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
- [stretch] - libclamunrar 0.99-3+deb9u1
-CVE-2017-1000381
- [stretch] - c-ares 1.12.0-1+deb9u1
-CVE-2017-9445
- [stretch] - systemd 232-25+deb9u1
CVE-2017-11113
[stretch] - ncurses 6.0+20161126-1+deb9u1
CVE-2017-11112
@@ -17,29 +6,3 @@
[stretch] - ncurses 6.0+20161126-1+deb9u1
CVE-2017-10685
[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-9052
- [stretch] - dwarfutils 20161124-1+deb9u1
-CVE-2017-9053
- [stretch] - dwarfutils 20161124-1+deb9u1
-CVE-2017-9054
- [stretch] - dwarfutils 20161124-1+deb9u1
-CVE-2017-9055
- [stretch] - dwarfutils 20161124-1+deb9u1
-CVE-2017-9998
- [stretch] - dwarfutils 20161124-1+deb9u1
-CVE-2017-7480
- [stretch] - rkhunter 1.4.2-6+deb9u1
-CVE-2017-11311
- [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
-CVE-2017-9128
- [stretch] - libquicktime 2:1.2.4-10+deb9u1
-CVE-2017-9127
- [stretch] - libquicktime 2:1.2.4-10+deb9u1
-CVE-2017-9125
- [stretch] - libquicktime 2:1.2.4-10+deb9u1
-CVE-2017-9124
- [stretch] - libquicktime 2:1.2.4-10+deb9u1
-CVE-2017-9123
- [stretch] - libquicktime 2:1.2.4-10+deb9u1
-CVE-2017-9122
- [stretch] - libquicktime 2:1.2.4-10+deb9u1