[Secure-testing-commits] r57860 - in data: CVE DLA

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Nov 20 18:17:54 UTC 2017


Author: jmm
Date: 2017-11-20 18:17:54 +0000 (Mon, 20 Nov 2017)
New Revision: 57860

Modified:
   data/CVE/list
   data/DLA/list
Log:
fix opencv entry
htslib no-dsa
ffmpeg postponed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-20 16:14:36 UTC (rev 57859)
+++ data/CVE/list	2017-11-20 18:17:54 UTC (rev 57860)
@@ -123,6 +123,8 @@
 	NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
 CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...)
 	- htslib 1.4.1-1
+	[stretch] - htslib <no-dsa> (Minor issue)
+	[jessie] - htslib <no-dsa> (Minor issue)
 CVE-2017-1000204
 	REJECTED
 CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
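
Review bot: The two added no-dsa lines for CVE-2017-1000206 give only "Minor issue" as the reason, and the entry carries no NOTE line pointing to an upstream report or fix, so the triage decision for stretch and jessie cannot be checked from the tracker entry itself. Consider adding a NOTE with the upstream reference, or a more specific reason than "Minor issue", so the entry can be revisited if htslib is updated in a point release.
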
@@ -625,8 +627,9 @@
 	NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
 	NOTE: https://github.com/radare/radare2/issues/8813
 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
-	- libav <removed>
-	- ffmpeg <unfixed>
+	- libav <removed> (low)
+	- ffmpeg <unfixed> (low)
+	[stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)
 	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
 	NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
 	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
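
Review bot: The log says only "ffmpeg postponed", but the CVE-2017-16803 lines also gain an urgency of (low) on both "- libav <removed>" and "- ffmpeg <unfixed>", which is a separate triage decision and is not mentioned in the log. Either mention the urgency change in the log or commit it separately. The postponed reason "Can be fixed with next 3.2.x release" would also be easier to follow up if it named the upstream fix it is waiting for; the existing NOTE lines already give the commit.
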
@@ -8104,8 +8107,7 @@
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
 	NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
 CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
-	{DLA-1117-1}
-	- opencv <unfixed>
+	- opencv <not-affected> (Incomplete patch never shipped)
 	NOTE: https://github.com/opencv/opencv/issues/9443
 	NOTE: https://github.com/opencv/opencv/pull/9448
 CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the ...)
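
Review bot: The new "- opencv <not-affected> (Incomplete patch never shipped)" line for CVE-2017-14136 does not say which patch is meant, and the NOTE lines below it reference only issue 9443 and pull 9448. Since this also drops the {DLA-1117-1} cross-reference, a NOTE naming the incomplete patch (or the earlier CVE it was meant to fix) would let a later reader confirm that no released opencv version carried it. The not-affected line has no suite tag, so it applies to every suite; confirm that this is intended.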

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2017-11-20 16:14:36 UTC (rev 57859)
+++ data/DLA/list	2017-11-20 18:17:54 UTC (rev 57860)
@@ -193,7 +193,7 @@
 	{CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824}
 	[wheezy] - firefox-esr 52.4.0esr-2~deb7u1
 [29 Sep 2017] DLA-1117-1 opencv - security update
-	{CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136}
+	{CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864}
 	[wheezy] - opencv 2.3.1-11+deb7u2
 [27 Sep 2017] DLA-1116-1 poppler - security update
 	{CVE-2017-14517 CVE-2017-14519 CVE-2017-14617}
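
Review bot: The log line "fix opencv entry" does not explain why CVE-2017-14136 is dropped from the CVE set of DLA-1117-1, an advisory dated 29 Sep 2017. The removal is consistent with the {DLA-1117-1} line deleted from data/CVE/list in the same revision, but the log should state the reason so the change to an already published advisory's record is traceable.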



