[Secure-testing-commits] r49465 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 6 22:15:42 UTC 2017
Author: jmm
Date: 2017-03-06 22:15:42 +0000 (Mon, 06 Mar 2017)
New Revision: 49465
Modified:
data/CVE/list
Log:
clarify mplayer entry
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-06 21:40:49 UTC (rev 49464)
+++ data/CVE/list 2017-03-06 22:15:42 UTC (rev 49465)
@@ -383,7 +383,7 @@
CVE-2017-6417
RESERVED
CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...)
- TODO: check
+ NOT-FOR-US: SysGauge
CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
- radare2 1.1.0+dfsg-3 (bug #856572)
NOTE: https://github.com/radare/radare2/issues/6872
@@ -398,7 +398,7 @@
CVE-2017-6412
RESERVED
CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
- kio <unfixed> (bug #856889)
- kde4libs <unfixed> (bug #856890)
@@ -558,7 +558,7 @@
CVE-2017-6352
RESERVED
CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer ...)
- TODO: check
+ NOT-FOR-US: WePresent WiPG-1500
CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
- vim <unfixed> (bug #856266)
[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
@@ -586,7 +586,7 @@
CVE-2017-6336
RESERVED
CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2017-6333
RESERVED
CVE-2017-6332
@@ -1400,7 +1400,7 @@
CVE-2017-6000
REJECTED
CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an ...)
- TODO: check
+ NOT-FOR-US: sysPass
CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE ...)
NOT-FOR-US: InterSect Alliance SNARE Epilog
CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows ...)
@@ -2506,7 +2506,7 @@
CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...)
NOT-FOR-US: Norwegian
CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...)
NOT-FOR-US: Asus router
CVE-2017-5631
@@ -4137,7 +4137,7 @@
CVE-2017-5198
RESERVED
CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2017-5192 [local_batch client external authentication not respected]
RESERVED
- salt 2016.11.2+ds-1
@@ -31708,9 +31708,10 @@
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat ...)
- - mplayer <undetermined>
+ - libav <removed> (low)
+ [jessie] - libav <no-dsa> (Minor issue)
+ NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
NOTE: https://trac.mplayerhq.hu/ticket/2298
- TODO: probably not affected since orig.tar.gz of src:mplayer does not include libavcodec, ffmpeg/libav affected?
CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the ...)
{DLA-693-1}
- tiff 4.0.6-3
More information about the Secure-testing-commits
mailing list