[Secure-testing-commits] r52596 - in data: . CVE
Markus Koschany
apo at moszumanska.debian.org
Thu Jun 15 21:34:52 UTC 2017
Author: apo
Date: 2017-06-15 21:34:52 +0000 (Thu, 15 Jun 2017)
New Revision: 52596
Modified:
data/CVE/list
data/dla-needed.txt
Log:
CVE-2017-5666,mp3splt: no-dsa for Wheezy
Follow Jessie.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-15 21:10:13 UTC (rev 52595)
+++ data/CVE/list 2017-06-15 21:34:52 UTC (rev 52596)
@@ -11832,6 +11832,7 @@
CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
- mp3splt <unfixed> (bug #854278)
[jessie] - mp3splt <no-dsa> (Minor issue)
+ [wheezy] - mp3splt <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-06-15 21:10:13 UTC (rev 52595)
+++ data/dla-needed.txt 2017-06-15 21:34:52 UTC (rev 52596)
@@ -68,14 +68,6 @@
--
mercurial
--
-mp3splt
- NOTE: 2017-02-28: No patch available. Reproducer doesn't work with Debian
- NOTE: packages (tested on Stretch, Jessie and Wheezy). It's claimed to
- NOTE: work with build flag '-fsanitize=address', which I wasn't able to
- NOTE: verify either. For more details, see the discussion at
- NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/
- NOTE: -- Jonas Meurer
---
mupdf
--
mysql-connector-python
More information about the Secure-testing-commits
mailing list