[Secure-testing-commits] r52091 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon May 29 21:24:36 UTC 2017 

Author: jmm
Date: 2017-05-29 21:24:36 +0000 (Mon, 29 May 2017)
New Revision: 52091

Modified:
   data/CVE/list
Log:
binutils, picocom bugs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-29 21:10:12 UTC (rev 52090)
+++ data/CVE/list	2017-05-29 21:24:36 UTC (rev 52091)
@@ -139,7 +139,7 @@
 CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
 	NOT-FOR-US: Aries QWR-1104 Wireless-N Router
 CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
-	- picocom <unfixed>
+	- picocom <unfixed> (bug #863671)
 	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
 	- linux <unfixed>
@@ -687,33 +687,33 @@
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
 CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
 CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
 CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
 CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
 CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
-	- binutils <unfixed>
+	- binutils <unfixed> (bug #863674)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
@@ -1350,6 +1350,8 @@
 	[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
 CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
 	- glibc <unfixed> (bug #862086)
+	[stretch] - glibc <no-dsa> (Can be fixed in a point update)
+	[jessie] - glibc <no-dsa> (Can be fixed in a point update)
 	- eglibc <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2017/05/05/2
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
@@ -7556,6 +7558,7 @@
 	NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
 CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 ...)
 	- avahi <unfixed>
+	[stretch] - avahi <no-dsa> (Minor issue)
 	[jessie] - avahi <no-dsa> (Minor issue)
 	[wheezy] - avahi <no-dsa> (Minor issue)
 	NOTE: Task can be performed by blocking at the perimeter UDP port 5353 both for
@@ -99242,6 +99245,7 @@
 	RESERVED
 CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) ...)
 	- gksu <unfixed>
+	[stretch] - gksu <no-dsa> (Minor issue)
 	[jessie] - gksu <no-dsa> (Minor issue)
 	[wheezy] - gksu <no-dsa> (Minor issue)
 	[squeeze] - gksu <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list