[Secure-testing-commits] r52265 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jun 4 06:39:06 UTC 2017
Author: jmm
Date: 2017-06-04 06:39:06 +0000 (Sun, 04 Jun 2017)
New Revision: 52265
Modified:
data/CVE/list
Log:
more no-dsa for stretch
remove ht entry for CVE-2016-4491, crash in CLI tool not a security issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-04 03:48:15 UTC (rev 52264)
+++ data/CVE/list 2017-06-04 06:39:06 UTC (rev 52265)
@@ -7,7 +7,9 @@
CVE-2017-9410
RESERVED
CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (low)
+ [stretch] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
+ [jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
- poppler <unfixed> (bug #864009)
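Review bot: The CVE-2017-9409 imagemagick line stays at `<unfixed> (low)` with no Debian bug reference, while the neighbouring poppler line carries `(bug #864009)`. With stretch and jessie now marked `<no-dsa>`, the only pointer for follow-up is the upstream issue in the NOTE; adding a bug number to the `- imagemagick <unfixed> (low)` line would keep the open item trackable. The same applies to the CVE-2017-9407 and CVE-2017-9405 entries below.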
@@ -15,7 +17,9 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b21b041f7948680c03109f0c404400a9dbc4544c
CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (low)
+ [stretch] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
+ [jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
- poppler <unfixed> (bug #864010)
@@ -23,7 +27,9 @@
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4
CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (low)
+ [stretch] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
+ [jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
- tiff 4.0.8-1
@@ -531,6 +537,7 @@
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
CVE-2017-9262 (In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c ...)
- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863834)
+ [jessie] - imagemagick <no-dsa> (Minor issue, wait until more severe issues arise)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/475
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8
CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c ...)
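Review bot: Only a `[jessie]` no-dsa line is added under CVE-2017-9262, whereas the other ImageMagick entries changed in this revision get both `[stretch]` and `[jessie]` lines. If stretch already ships the fix from `8:6.9.7.4+dfsg-10` that is fine, but please confirm it; otherwise a `[stretch]` line is missing here.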
@@ -9817,6 +9824,8 @@
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
- kodi <unfixed> (bug #855225)
+ [stretch] - kodi <no-dsa> (Minor issue)
+ [jessie] - kodi <no-dsa> (Minor issue)
- xbmc <removed> (bug #861274)
[jessie] - xbmc <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
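Review bot: The two added kodi lines give only `(Minor issue)` as the reason, for an entry described as a directory traversal in the Chorus2 add-on. A short rationale in the parentheses (for example why the exposure is limited) would let a later reader judge the no-dsa decision without opening bug #855225.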
@@ -25194,6 +25203,7 @@
CVE-2016-9584 (libical allows remote attackers to cause a denial of service ...)
{DLA-959-1}
- libical <unfixed> (bug #852034)
+ [stretch] - libical <no-dsa> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
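Review bot: CVE-2016-9584 carries `{DLA-959-1}`, so an LTS advisory was issued for it, yet the added `[stretch]` line marks it `<no-dsa>` with a bare `(Minor issue)`. Consider stating in the reason whether the fix is expected through a point release, so the different treatment across suites is explained in the entry itself.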
@@ -37919,6 +37929,7 @@
NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
CVE-2016-5827 (The icaltime_from_string function in libical 0.47 and 1.0 allows ...)
- libical <unfixed>
+ [stretch] - libical <no-dsa> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
[wheezy] - libical <no-dsa> (Low prio according to upstream)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
@@ -37928,11 +37939,13 @@
NOTE: https://github.com/libical/libical/commit/830d9530817516377c2bc3b532798ce2c6b4765a
CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows ...)
- libical <unfixed>
+ [stretch] - libical <no-dsa> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
[wheezy] - libical <no-dsa> (Low prio according to upstream)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows ...)
- libical <unfixed>
+ [stretch] - libical <no-dsa> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
[wheezy] - libical <no-dsa> (Low prio according to upstream)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
@@ -42545,9 +42558,6 @@
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4491 (The d_print_comp function in cp-demangle.c in libiberty allows remote ...)
- - ht <unfixed> (low)
- [jessie] - ht <no-dsa> (Minor issue)
- [wheezy] - ht <no-dsa> (Minor issue)
- binutils 2.28-3 (low)
[jessie] - binutils <no-dsa> (Minor issue)
[wheezy] - binutils <no-dsa> (Minor issue)
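Review bot: Dropping the three ht lines from CVE-2016-4491 leaves no trace in the entry of why ht is no longer tracked; the reason exists only in the commit log. The CVE-2016-4490 entry that follows still lists `- ht 2.1.0+repack1-1 (low; bug #840358)` for the same cp-demangle.c code, so the two entries now disagree about ht. Keeping the line as `- ht <unfixed> (unimportant)` with a NOTE that the crash is in a CLI tool would record the decision in the file.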
@@ -42556,6 +42566,7 @@
[wheezy] - libiberty <no-dsa> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
+ NOTE: https://gcc.gnu.org/viewcvs?rev=247056&root=gcc&view=rev
CVE-2016-4490 (Integer overflow in cp-demangle.c in libiberty allows remote attackers ...)
{DLA-552-1}
- ht 2.1.0+repack1-1 (low; bug #840358)
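Review bot: The added `NOTE: https://gcc.gnu.org/viewcvs?rev=247056&root=gcc&view=rev` is a bare URL and does not say what the revision is. Other NOTE lines in this file label their links (`Upstream ticket:`, `Introduced in`); a short prefix saying whether this is the upstream fix would make the entry readable without following the link.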
@@ -71938,6 +71949,7 @@
CVE-2015-3277 [incorrect multi-keyword mode cipherstring parsing]
RESERVED
- libapache2-mod-nss <unfixed> (bug #795657)
+ [stretch] - libapache2-mod-nss <no-dsa> (Minor issue)
[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
NOTE: Introduced by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
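Review bot: The entry being extended is internally inconsistent about the affected version: the `[jessie]` and `[wheezy]` lines say `Vulnerability introduced in 1.0.11`, while the NOTE below ends in `(1.10.11)`. Since the new `[stretch]` no-dsa line depends on which versions are affected, it is worth reconciling the version number in the same change.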