[Secure-testing-commits] r57955 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 23 12:26:23 UTC 2017 

Author: jmm
Date: 2017-11-23 12:26:23 +0000 (Thu, 23 Nov 2017)
New Revision: 57955

Modified:
   data/CVE/list
Log:
shairpoint non-issue
a few no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-23 11:50:22 UTC (rev 57954)
+++ data/CVE/list	2017-11-23 12:26:23 UTC (rev 57955)
@@ -218,6 +218,7 @@
 	REJECTED
 CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
 	- root-system <removed>
+	[jessie] - root-system <ignored> (Minor issue)
 	[wheezy] - root-system <ignored> (Minor issue as it's restricted to authenticated users)
 	NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
 CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...)
@@ -356,6 +357,8 @@
 	NOT-FOR-US: EllisLab ExpressionEngine
 CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
 	- python2.7 2.7.13-4
+	[stretch] - python2.7 <no-dsa> (Minor issue)
+	[jessie] - python2.7 <no-dsa> (Minor issue)
 	- python2.6 <removed>
 	NOTE: https://bugs.python.org/issue30657
 	NOTE: https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
@@ -3356,6 +3359,8 @@
 CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" ...)
 	{DLA-1161-1}
 	- redis 3:3.2.7-1
+	[stretch] - redis <no-dsa> (Minor issue)
+	[jessie] - redis <no-dsa> (Minor issue)
 	NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
 CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...)
 	NOT-FOR-US: WordPress plugin wp-noexternallinks
@@ -14231,6 +14236,9 @@
 	RESERVED
 CVE-2017-12087
 	RESERVED
+	- shairport-sync <unfixed> (unimportant)
+	NOTE: Debian build uses Avahi instead
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
 CVE-2017-12086
 	RESERVED
 CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...)

More information about the Secure-testing-commits mailing list