[Secure-testing-commits] r52263 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Jun 3 23:08:36 UTC 2017
Author: jmm
Date: 2017-06-03 23:08:36 +0000 (Sat, 03 Jun 2017)
New Revision: 52263
Modified:
data/CVE/list
Log:
various no-dsa for stretch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-03 20:59:16 UTC (rev 52262)
+++ data/CVE/list 2017-06-03 23:08:36 UTC (rev 52263)
@@ -236,7 +236,9 @@
CVE-2017-9325
RESERVED
CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length" procedure results in ...)
- - chicken <unfixed> (bug #863884)
+ - chicken <unfixed> (low; bug #863884)
+ [stretch] - chicken <no-dsa> (Minor issue)
+ [jessie] - chicken <no-dsa> (Minor issue)
NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
CVE-2017-9330 [usb: ohci: infinite loop due to incorrect return value]
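Review bot: The added `[jessie] - chicken <no-dsa> (Minor issue)` line and the new `low;` urgency on the `- chicken <unfixed>` line for CVE-2017-9334 go beyond what the log message "various no-dsa for stretch" announces. Either mention the jessie triage and the urgency change in the log, or commit them separately, so that someone searching the history for when jessie was tagged can find it.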
@@ -1136,24 +1138,28 @@
CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf ...)
[experimental] - dwarfutils 20170416-1
- dwarfutils <unfixed>
+ [stretch] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf ...)
[experimental] - dwarfutils 20170416-1
- dwarfutils <unfixed>
+ [stretch] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf ...)
[experimental] - dwarfutils 20170416-1
- dwarfutils <unfixed>
+ [stretch] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf ...)
[experimental] - dwarfutils 20170416-1
- dwarfutils <unfixed>
+ [stretch] - dwarfutils <no-dsa> (Minor issue)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
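Review bot: The four added `[stretch] - dwarfutils <no-dsa> (Minor issue)` lines (CVE-2017-9055, CVE-2017-9054, CVE-2017-9053, CVE-2017-9052) copy the jessie and wheezy reason verbatim even though each entry already records a fixed version in `[experimental] - dwarfutils 20170416-1`. Since a fixed upload exists, the stretch reason could say whether an update through a point release is intended, as the gdk-pixbuf entries in this same commit do with "can be fixed via point release".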
@@ -1626,6 +1632,8 @@
RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
- dolibarr <unfixed> (bug #863544)
+ [stretch] - dolibarr <no-dsa> (Minor issue)
+ [jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
NOT-FOR-US: ASUS
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
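Review bot: The CVE-2017-8879 entry gets `<no-dsa> (Minor issue)` for stretch and jessie but, as visible in this hunk, has no NOTE line at all, and its description concerns password changes. A one-line reason for why this is minor, or a NOTE pointing at the report, would let the next person triaging dolibarr verify the decision without opening bug #863544.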
@@ -4252,12 +4260,18 @@
RESERVED
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr <unfixed> (bug #863544)
+ [stretch] - dolibarr <no-dsa> (Minor issue)
+ [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...)
- dolibarr <unfixed> (bug #863544)
+ [stretch] - dolibarr <no-dsa> (Minor issue)
+ [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...)
- dolibarr <unfixed> (bug #863544)
+ [stretch] - dolibarr <no-dsa> (Minor issue)
+ [jessie] - dolibarr <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
{DSA-3855-1 DLA-942-1}
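Review bot: In this hunk the same `(Minor issue)` reason is applied to CVE-2017-7888 (MD5 password storage), CVE-2017-7887 (XSS) and CVE-2017-7886 (SQL injection) for both stretch and jessie, without saying what limits the impact of each. Consider a more specific reason per entry, in particular for the SQL injection, so the no-dsa decision can be re-checked against the oss-security post in the NOTE.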
@@ -5640,6 +5654,7 @@
CVE-2017-7401 (Incorrect interaction of the parse_packet() and ...)
{DLA-884-1}
- collectd <unfixed> (bug #859494)
+ [stretch] - collectd <no-dsa> (Minor issue)
[jessie] - collectd <no-dsa> (Minor issue)
NOTE: https://github.com/collectd/collectd/issues/2174
NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
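Review bot: CVE-2017-7401 already carries `{DLA-884-1}`, so the issue received an advisory for LTS, while the added `[stretch] - collectd <no-dsa> (Minor issue)` line treats it as minor without saying why stretch differs. Since the NOTE lines already link the upstream issue and fix commit, the reason could state whether the fix is expected to reach stretch through a point release.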
@@ -5650,6 +5665,7 @@
NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
- ghostscript <unfixed> (bug #860869)
+ [stretch] - ghostscript <no-dsa> (Minor issue)
[jessie] - ghostscript <no-dsa> (Minor issue)
[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
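Review bot: The added `[stretch] - ghostscript <no-dsa> (Minor issue)` line for CVE-2016-10317 follows jessie, but the wheezy line directly below it says "Not directly reproducible, to re-evaluate once the upstream fix is known". If the upstream fix is still unknown, the stretch reason should carry the same re-evaluation condition so the entry is revisited once the upstream bug in the NOTE has a fix.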
@@ -8961,18 +8977,21 @@
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
- gdk-pixbuf <unfixed> (bug #856448)
+ [stretch] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in ...)
- gdk-pixbuf <unfixed> (bug #856445)
+ [stretch] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent ...)
- gdk-pixbuf <unfixed> (bug #856444)
+ [stretch] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
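Review bot: The three added `[stretch]` lines for CVE-2017-6314, CVE-2017-6313 and CVE-2017-6312 say "can be fixed via point release" while the matching `- gdk-pixbuf <unfixed>` lines show that unstable has no fix yet. A stable point-release update normally follows a fix in unstable, so it would help to make that dependency explicit in the reason, referring to bugs #856448, #856445 and #856444, so the stretch entries are picked up again once those are closed.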
@@ -9536,6 +9555,7 @@
NOT-FOR-US: NETGEAR
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and ...)
- glibc <unfixed> (bug #856503)
+ [stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -10945,6 +10965,7 @@
NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d
CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers ...)
- libapache-poi-java <unfixed> (bug #858301)
+ [stretch] - libapache-poi-java <no-dsa> (Minor issue)
[jessie] - libapache-poi-java <no-dsa> (Minor issue)
[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9