[Secure-testing-commits] r51257 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue May 2 04:57:32 UTC 2017


Author: carnil
Date: 2017-05-02 04:57:32 +0000 (Tue, 02 May 2017)
New Revision: 51257

Modified:
   data/CVE/list
Log:
Triage libmad issues, fixed in 0.15.1b-4 for Debian

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-02 04:50:18 UTC (rev 51256)
+++ data/CVE/list	2017-05-02 04:57:32 UTC (rev 51257)
@@ -64,14 +64,15 @@
 CVE-2017-8375
 	RESERVED
 CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...)
-	- libmad <unfixed>
+	- libmad 0.15.1b-4
+	NOTE: Addressed by patch from #508133
 CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...)
-	- libmad <unfixed>
+	- libmad 0.15.1b-4
+	NOTE: Addressed by patch from #508133
 CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
-	- libmad <undetermined>
+	- libmad 0.15.1b-4 (unimportant)
 	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
-	NOTE: No assertion failure with reproducer, if fails when built with debug then unimportant
-	TODO: likely fixed 0.15.1b-4 in via the patch for #508133
+	NOTE: Addressed by patch from #508133
 CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2017-8370




More information about the Secure-testing-commits mailing list