[Secure-testing-commits] r52276 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Jun 4 10:55:33 UTC 2017
Author: jmm
Date: 2017-06-04 10:55:33 +0000 (Sun, 04 Jun 2017)
New Revision: 52276
Modified:
data/CVE/list
Log:
further stretch triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-04 10:27:57 UTC (rev 52275)
+++ data/CVE/list 2017-06-04 10:55:33 UTC (rev 52276)
@@ -945,6 +945,8 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...)
- libytnef <unfixed> (bug #862707)
+ [stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
+ [jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
NOTE: https://github.com/Yeraze/ytnef/issues/47
CVE-2017-9145
RESERVED
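Review bot: the unstable line for CVE-2017-9146 stays at "- libytnef <unfixed> (bug #862707)" with no urgency, while both added no-dsa lines describe it as a minor issue. Consider recording the urgency on that line as well, for example "(low; bug #862707)", so the entry agrees with the release tags being added.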
@@ -1758,35 +1760,35 @@
CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...)
NOT-FOR-US: Allen Disk
CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
- - lrzip <unfixed> (bug #863145)
- [wheezy] - lrzip <no-dsa> (Minor issue)
+ - lrzip <unfixed> (unimportant; bug #863145)
NOTE: https://github.com/ckolivas/lrzip/issues/67
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
+ NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...)
- lrzip <unfixed> (bug #863150)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/71
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...)
- - lrzip <unfixed> (bug #863151)
- [wheezy] - lrzip <no-dsa> (Minor issue)
+ - lrzip <unfixed> (unimportant; bug #863151)
NOTE: https://github.com/ckolivas/lrzip/issues/68
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
+ NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
- lrzip <unfixed> (bug #863153)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/70
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...)
- - lrzip <unfixed> (bug #863155)
- [wheezy] - lrzip <no-dsa> (Minor issue)
+ - lrzip <unfixed> (unimportant; bug #863155)
NOTE: https://github.com/ckolivas/lrzip/issues/69
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
+ NOTE: Crash in CLI tool, no security implications
CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
- - lrzip <unfixed> (bug #863156)
- [wheezy] - lrzip <no-dsa> (Minor issue)
+ - lrzip <unfixed> (unimportant; bug #863156)
NOTE: https://github.com/ckolivas/lrzip/issues/66
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
+ NOTE: Crash in CLI tool, no security implications
CVE-2017-8841
RESERVED
CVE-2017-8840
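Review bot: the added "NOTE: Crash in CLI tool, no security implications" on CVE-2017-8847, CVE-2017-8845, CVE-2017-8843 and CVE-2017-8842 does not line up with the descriptions on those same entries, which place the flaws in liblrzip.so and, for CVE-2017-8845, in lzo1x_decompress in LZO 2.08 "as used in" lrzip. If the unimportant rating rests on the library having no other consumers, or on the LZO code path being reachable only through lrzip, state that in the NOTE; as written a reader cannot tell whether library users or the LZO source were considered. Also, CVE-2017-8846 and CVE-2017-8844 are left with only a [wheezy] tag in this hunk, so they still have no stretch or jessie decision recorded.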
@@ -17371,7 +17373,8 @@
CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component ...)
NOT-FOR-US: Oracle
CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL ...)
- - mysql-workbench <unfixed> (bug #861487)
+ - mysql-workbench <unfixed> (low; bug #861487)
+ [stretch] - mysql-workbench <no-dsa> (Minor issue)
[jessie] - mysql-workbench <no-dsa> (Minor issue)
CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.18-1 (bug #860547)
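Review bot: the new [stretch] line for CVE-2017-3469 gives only "Minor issue" as its no-dsa reason, the same bare text as the existing [jessie] line, and the "low" urgency added on the unstable line is equally unexplained. The entry has no NOTE line at all, so a one-line NOTE stating the basis for the rating would make the decision reviewable later.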