[Secure-testing-commits] r49465 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Mar 6 22:15:42 UTC 2017


Author: jmm
Date: 2017-03-06 22:15:42 +0000 (Mon, 06 Mar 2017)
New Revision: 49465

Modified:
   data/CVE/list
Log:
clarify mplayer entry
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-06 21:40:49 UTC (rev 49464)
+++ data/CVE/list	2017-03-06 22:15:42 UTC (rev 49465)
@@ -383,7 +383,7 @@
 CVE-2017-6417
 	RESERVED
 CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...)
-	TODO: check
+	NOT-FOR-US: SysGauge
 CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
 	- radare2 1.1.0+dfsg-3 (bug #856572)
 	NOTE: https://github.com/radare/radare2/issues/6872
@@ -398,7 +398,7 @@
 CVE-2017-6412
 	RESERVED
 CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
 	- kio <unfixed> (bug #856889)
 	- kde4libs <unfixed> (bug #856890)
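Review bot: The NOT-FOR-US tag on CVE-2017-6411 names only the vendor (`NOT-FOR-US: D-Link`), while the description it sits under names a specific device, "D-Link DSL-2730U C1". Naming the device, as the `NOT-FOR-US: WePresent WiPG-1500` line elsewhere in this commit does, would make the triage decision easier to audit when grepping the list later.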
@@ -558,7 +558,7 @@
 CVE-2017-6352
 	RESERVED
 CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer ...)
-	TODO: check
+	NOT-FOR-US: WePresent WiPG-1500
 CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
 	- vim <unfixed> (bug #856266)
 	[jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
@@ -586,7 +586,7 @@
 CVE-2017-6336
 	RESERVED
 CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2017-6333
 	RESERVED
 CVE-2017-6332
@@ -1400,7 +1400,7 @@
 CVE-2017-6000
 	REJECTED
 CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an ...)
-	TODO: check
+	NOT-FOR-US: sysPass
 CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE ...)
 	NOT-FOR-US: InterSect Alliance SNARE Epilog
 CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows ...)
@@ -2506,7 +2506,7 @@
 CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...)
 	NOT-FOR-US: Norwegian
 CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...)
 	NOT-FOR-US: Asus router
 CVE-2017-5631
@@ -4137,7 +4137,7 @@
 CVE-2017-5198
 	RESERVED
 CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2017-5192 [local_batch client external authentication not respected]
 	RESERVED
 	- salt 2016.11.2+ds-1
@@ -31708,9 +31708,10 @@
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
 	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
 CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat ...)
-	- mplayer <undetermined>
+	- libav <removed> (low)
+	[jessie] - libav <no-dsa> (Minor issue)
+	NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
 	NOTE: https://trac.mplayerhq.hu/ticket/2298
-	TODO: probably not affected since orig.tar.gz of src:mplayer does not include libavcodec, ffmpeg/libav affected?
 CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the ...)
 	{DLA-693-1}
 	- tiff 4.0.6-3
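Review bot: The rewritten CVE-2016-5115 entry has no package line for ffmpeg, although the added NOTE says the issue "is fixed in stretch's ffmpeg". As committed, only libav is tracked, so ffmpeg's status is recorded in free text alone; consider adding a ffmpeg package line, even if the exact fixed version is still unknown as the NOTE admits. The hunk also drops `- mplayer <undetermined>` together with the TODO that explained why src:mplayer is probably not affected (its orig.tar.gz does not include libavcodec), yet the only remaining reference is the mplayer trac ticket. Keeping that reasoning as a NOTE would explain why mplayer is no longer listed.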



