[Secure-testing-commits] r52916 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jun 26 06:44:53 UTC 2017
Author: carnil
Date: 2017-06-26 06:44:53 +0000 (Mon, 26 Jun 2017)
New Revision: 52916
Modified:
data/CVE/list
Log:
Three CVEs finally assigned for three older bugs for src:lame
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-06-26 05:46:01 UTC (rev 52915)
+++ data/CVE/list 2017-06-26 06:44:53 UTC (rev 52916)
@@ -17,12 +17,6 @@
- poppler <unfixed>
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774
NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
-CVE-2015-9101 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME ...)
- TODO: check
-CVE-2015-9100 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME ...)
- TODO: check
-CVE-2015-9099 (The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 ...)
- TODO: check
CVE-2017-9864
RESERVED
CVE-2017-9863
@@ -80607,11 +80601,21 @@
- macchanger 1.7.0-5.3 (bug #774898)
[wheezy] - macchanger <no-dsa> (Minor issue)
[squeeze] - macchanger <no-dsa> (Minor issue)
-CVE-2015-XXXX [lame missing check for samplerate]
- - lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161)
+CVE-2015-9101
+ - lame 3.99.5+repack1-6 (bug #777161)
[wheezy] - lame 3.99.5+repack1-3+deb7u1
[squeeze] - lame <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/12/8
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+CVE-2015-9100
+ - lame 3.99.5+repack1-6 (bug #777160)
+ [wheezy] - lame 3.99.5+repack1-3+deb7u1
+ [squeeze] - lame <no-dsa> (minor issue)
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+CVE-2015-9099
+ - lame 3.99.5+repack1-6 (bug #775959)
+ [wheezy] - lame 3.99.5+repack1-3+deb7u1
+ [squeeze] - lame <no-dsa> (Minor issue)
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-XXXX [denial of service under memory stress]
- libhtp <removed> (bug #777522)
[squeeze] - libhtp <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list