[Secure-testing-commits] r57860 - in data: CVE DLA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Nov 20 18:17:54 UTC 2017
Author: jmm
Date: 2017-11-20 18:17:54 +0000 (Mon, 20 Nov 2017)
New Revision: 57860
Modified:
data/CVE/list
data/DLA/list
Log:
fix opencv entry
htslib no-dsa
ffmpeg postponed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-20 16:14:36 UTC (rev 57859)
+++ data/CVE/list 2017-11-20 18:17:54 UTC (rev 57860)
@@ -123,6 +123,8 @@
NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...)
- htslib 1.4.1-1
+ [stretch] - htslib <no-dsa> (Minor issue)
+ [jessie] - htslib <no-dsa> (Minor issue)
CVE-2017-1000204
REJECTED
CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
@@ -625,8 +627,9 @@
NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
NOTE: https://github.com/radare/radare2/issues/8813
CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
- - libav <removed>
- - ffmpeg <unfixed>
+ - libav <removed> (low)
+ - ffmpeg <unfixed> (low)
+ [stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)
NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
@@ -8104,8 +8107,7 @@
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
- {DLA-1117-1}
- - opencv <unfixed>
+ - opencv <not-affected> (Incomplete patch never shipped)
NOTE: https://github.com/opencv/opencv/issues/9443
NOTE: https://github.com/opencv/opencv/pull/9448
CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the ...)
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2017-11-20 16:14:36 UTC (rev 57859)
+++ data/DLA/list 2017-11-20 18:17:54 UTC (rev 57860)
@@ -193,7 +193,7 @@
{CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824}
[wheezy] - firefox-esr 52.4.0esr-2~deb7u1
[29 Sep 2017] DLA-1117-1 opencv - security update
- {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136}
+ {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864}
[wheezy] - opencv 2.3.1-11+deb7u2
[27 Sep 2017] DLA-1116-1 poppler - security update
{CVE-2017-14517 CVE-2017-14519 CVE-2017-14617}
More information about the Secure-testing-commits
mailing list