[Secure-testing-commits] r50182 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 29 21:21:51 UTC 2017
Author: jmm
Date: 2017-03-29 21:21:51 +0000 (Wed, 29 Mar 2017)
New Revision: 50182
Modified:
data/CVE/list
Log:
various no-dsa for jessie
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-29 21:01:54 UTC (rev 50181)
+++ data/CVE/list 2017-03-29 21:21:51 UTC (rev 50182)
@@ -226,6 +226,7 @@
NOTE: in fz_subsample_pixmap.
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
- potrace <unfixed> (bug #858763)
+ [jessie] - potrace <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
NOTE: This CVE is for an incomplete fix of CVE-2016-8698
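Review bot: the reason on the added `[jessie] - potrace <no-dsa> (Minor issue)` line says nothing about the relationship recorded two lines below it, "This CVE is for an incomplete fix of CVE-2016-8698". The CVE-2016-8698 entry is not part of this diff, so it is worth confirming that its jessie triage matches. If jessie shipped the original fix, this follow-up should be picked up together with it rather than tracked separately. A reason that mentions the parent CVE would make that link visible to whoever prepares the next potrace upload.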
@@ -2183,6 +2184,7 @@
{DLA-848-1}
[experimental] - freetype 2.7.1-0.1
- freetype <unfixed> (bug #856971)
+ [jessie] - freetype <no-dsa> (Minor issue)
NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
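Review bot: the added `[jessie] - freetype <no-dsa> (Minor issue)` line sits directly under `{DLA-848-1}`, so this entry already has an LTS advisory attached while jessie is being triaged as minor. If the difference is intentional, say why in the reason, or add a NOTE that the upstream commit on the "Fixed by:" line is a candidate for a jessie point release. As written, a reader of the tracker cannot tell whether jessie was assessed separately or simply deprioritised.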
@@ -6338,6 +6340,7 @@
NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) ...)
- python-pysaml2 <unfixed>
+ [jessie] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/366
NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
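Review bot: "Minor issue" on the added `[jessie] - python-pysaml2 <no-dsa>` line does not match the rationale the entry itself gives, which is the NOTE that a proper fix belongs in src:libxml2. The CVE description is remote XXE, so the reason should say that the fix is expected in libxml2 rather than in this package, so that the deferral reads as a decision about where to fix it and not about severity. The `- python-pysaml2 <unfixed>` line above it also carries no bug number, unlike the other unfixed entries touched by this patch. Adding the BTS reference, if one exists, would help tracking.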
@@ -22223,9 +22226,11 @@
NOTE: that would trigger the format string vulnerability.
CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote ...)
- potrace <unfixed> (low; bug #850595)
+ [jessie] - potrace <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote ...)
- potrace 1.13-3 (bug #843861)
+ [jessie] - potrace <no-dsa> (Minor issue)
NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
CVE-2016-8684 (The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 ...)
{DSA-3746-1 DLA-683-1}
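Review bot: the two potrace lines added in this hunk use the same "Minor issue" reason although the entries are in different states. CVE-2016-8685 already has a fixed version, `- potrace 1.13-3 (bug #843861)`, while CVE-2016-8686 is still `<unfixed>` and marked low. For CVE-2016-8685, consider noting that the 1.13-3 change can be backported in a point release, since a fix is known to exist. For CVE-2016-8686, the reason could reflect that no fix is available yet.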