[Secure-testing-commits] r52269 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jun 4 08:35:06 UTC 2017
Author: jmm
Date: 2017-06-04 08:35:06 +0000 (Sun, 04 Jun 2017)
New Revision: 52269
Modified:
data/CVE/list
Log:
ettercap fixed
rabbitmq, rar no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-04 07:22:13 UTC (rev 52268)
+++ data/CVE/list 2017-06-04 08:35:06 UTC (rev 52269)
@@ -2903,7 +2903,7 @@
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...)
NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
- - ettercap <unfixed> (bug #861604)
+ - ettercap 1:0.8.2-5 (bug #861604)
NOTE: https://github.com/Ettercap/ettercap/issues/792
CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...)
{DLA-956-1}
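Review bot: The changed line for CVE-2017-8366 records 1:0.8.2-5 as the fixed version, but the entry still carries only the upstream issue NOTE and no per-release lines. Consider adding a "NOTE: Fixed by:" line with the upstream commit, as the CVE-2017-4966 entry has, and stating the jessie and stretch status explicitly so the fixed version is not read as covering the stable suites.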
@@ -13562,17 +13562,22 @@
RESERVED
CVE-2017-4967
RESERVED
- - rabbitmq-server <unfixed> (bug #863586)
+ - rabbitmq-server <unfixed> (low; bug #863586)
+ [stretch] - rabbitmq-server <no-dsa> (Minor issue)
+ [jessie] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 [authentication details are stored in browser-local storage without expiration]
RESERVED
- - rabbitmq-server <unfixed> (bug #863586)
+ - rabbitmq-server <unfixed> (low; bug #863586)
+ [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965
RESERVED
- - rabbitmq-server <unfixed> (bug #863586)
+ - rabbitmq-server <unfixed> (low; bug #863586)
+ [stretch] - rabbitmq-server <no-dsa> (Minor issue)
+ [jessie] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
NOT-FOR-US: Cloud Foundry
CVE-2017-4963
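Review bot: The new "<no-dsa> (Minor issue)" lines for CVE-2017-4967 and CVE-2017-4965 sit under entries that are still RESERVED with no description and no NOTE, so the triage reason cannot be checked from the list itself. Add a bracketed short description or a NOTE with the upstream reference, as CVE-2017-4966 has. Those two entries also have no [wheezy] line, while CVE-2017-4966 marks wheezy as <not-affected>; state the wheezy status for them as well.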
@@ -77960,6 +77965,7 @@
[squeeze] - unrar-nonfree <no-dsa> (Non-free not supported)
CVE-2015-XXXX [symlink directory traversal]
- rar <unfixed> (bug #774172)
+ [stretch] - rar <no-dsa> (Non-free not supported)
[jessie] - rar <no-dsa> (Non-free not supported)
[wheezy] - rar <no-dsa> (Non-free not supported)
[squeeze] - rar <no-dsa> (Not fixed upstream and license does not allow modification)
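Review bot: The reason on the added "[stretch] - rar <no-dsa> (Non-free not supported)" line is less specific than the one on the squeeze line (not fixed upstream, license does not allow modification); if that still holds for stretch, say so there too. The entry is also still filed under the CVE-2015-XXXX placeholder next to bug #774172, which is worth replacing with an assigned id if one exists.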