[Secure-testing-commits] r52156 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed May 31 17:25:40 UTC 2017 

Author: jmm
Date: 2017-05-31 17:25:40 +0000 (Wed, 31 May 2017)
New Revision: 52156

Modified:
   data/CVE/list
Log:
multiple no-dsa for stretch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-05-31 14:37:13 UTC (rev 52155)
+++ data/CVE/list	2017-05-31 17:25:40 UTC (rev 52156)
@@ -876,36 +876,43 @@
 	NOT-FOR-US: Google I/O 2017 application
 CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU ...)
 	- binutils <unfixed>
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
 CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
 CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
 CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
 CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
 CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
 	- binutils <unfixed> (bug #863674)
+	[stretch] - binutils <no-dsa> (Minor issue)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
@@ -4445,6 +4452,7 @@
 	NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
 CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the ...)
 	- libsamplerate <unfixed> (bug #860159)
+	[stretch] - libsamplerate <no-dsa> (Minor issue)
 	[jessie] - libsamplerate <no-dsa> (Minor issue)
 	[wheezy] - libsamplerate <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsamplerate/issues/11
@@ -26603,7 +26611,8 @@
 	NOTE: XML::SAX::PurePerl which is uncapable of processing external entities
 	NOTE: but unfortunately it is also a slow parser.
 CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as ...)
-	- libxml-twig-perl <unfixed> (bug #842893)
+	- libxml-twig-perl <unfixed> (low; bug #842893)
+	[stretch] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
 	[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
@@ -66353,6 +66362,7 @@
 CVE-2015-5160 [Ceph id/key leaked in the process list]
 	RESERVED
 	- libvirt <unfixed> (low; bug #796111)
+	[stretch] - libvirt <no-dsa> (Minor issue)
 	[jessie] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
 	[wheezy] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
 	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
@@ -121877,6 +121887,7 @@
 	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
 CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
 	- libnet-server-perl <unfixed> (low; bug #702914)
+	[stretch] - libnet-server-perl <no-dsa> (Minor issue)
 	[jessie] - libnet-server-perl <no-dsa> (Minor issue)
 	[wheezy] - libnet-server-perl <no-dsa> (Minor issue)
 	[squeeze] - libnet-server-perl <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list