[Secure-testing-commits] r51310 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed May 3 16:20:56 UTC 2017


Author: jmm
Date: 2017-05-03 16:20:56 +0000 (Wed, 03 May 2017)
New Revision: 51310

Modified:
   data/CVE/list
Log:
some no-dsa
record some historic vlc fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-03 16:20:30 UTC (rev 51309)
+++ data/CVE/list	2017-05-03 16:20:56 UTC (rev 51310)
@@ -383,6 +383,7 @@
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
 CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...)
 	- radicale 1.1.1+20160115-4 (bug #861514)
+	[jessie] - radicale <no-dsa> (Minor issue)
 	NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x)
 	NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
 CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in ...)
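Review bot: The added `[jessie] - radicale <no-dsa> (Minor issue)` line gives only a generic reason, while the NOTE directly below it links a commit for 1.1.x. Consider stating in the reason whether that commit is a candidate for a jessie point update, so the triage decision can be understood from the entry itself.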
@@ -2654,6 +2655,7 @@
 	RESERVED
 CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
 	- rxvt <unfixed> (bug #861694)
+	[jessie] - rxvt <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
 CVE-2017-7482
 	RESERVED
@@ -3747,7 +3749,8 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
 CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...)
-	- libav <removed>
+	- libav <removed> (low)
+	[jessie] - libav <no-dsa> (Minor issue)
 	- ffmpeg <undetermined>
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
 	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
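Review bot: The `(low)` urgency added to `- libav <removed>` is not covered by the log message, which mentions only no-dsa entries and vlc fixes; mention it in the log or commit it separately. The `- ffmpeg <undetermined>` line in the same entry is left open, so this CVE still needs a follow-up check for ffmpeg.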
@@ -115385,7 +115388,7 @@
 CVE-2013-3246
 	RESERVED
 CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...)
-	- vlc <unfixed> (unimportant)
+	- vlc 2.0.7-1 (unimportant)
 	NOTE: Harmless crasher
 	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
 	NOTE: http://secunia.com/blog/372/
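Review bot: The change from `<unfixed>` to `2.0.7-1` on the vlc line comes with no NOTE saying how that version was determined; the existing NOTE links the upstream commit but not the release that first shipped it. A short NOTE naming that release would make the fixed version verifiable from the entry.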
@@ -135635,7 +135638,7 @@
 CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before ...)
 	- owncloud 3.0.3-1
 CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...)
-	- vlc <unfixed> (unimportant; bug #671727)
+	- vlc <not-affected> (Not used, see bug #671727)
 	- taglib 1.7.2-1 (unimportant)
 CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
 	- cobbler <not-affected> (Fixed before initial upload)
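Review bot: The reason `Not used, see bug #671727` on the vlc line does not say what is not used, so a reader has to open the bug to understand the `<not-affected>` status; name the component in the reason. The log message describes these vlc changes as recorded fixes, but this line records not-affected rather than a fixed version, which the log could say.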
