[Secure-testing-commits] r56382 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Oct 3 19:26:23 UTC 2017 

Author: carnil
Date: 2017-10-03 19:26:23 +0000 (Tue, 03 Oct 2017)
New Revision: 56382

Modified:
   data/CVE/list
Log:
Update status for libgig issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-03 18:55:20 UTC (rev 56381)
+++ data/CVE/list	2017-10-03 19:26:23 UTC (rev 56382)
@@ -5297,35 +5297,35 @@
 	[jessie] - libgig <no-dsa> (Minor issue)
 	[wheezy] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
-	TODO: check, seem fixed with 4.0.0-4
+	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349
 CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in ...)
-	- libgig <unfixed> (low; bug #873718)
+	- libgig 4.0.0-4 (low; bug #873718)
 	[stretch] - libgig <no-dsa> (Minor issue)
 	[jessie] - libgig <no-dsa> (Minor issue)
 	[wheezy] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
-	TODO: check, seem fixed with 4.0.0-4
+	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
 CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote ...)
-	- libgig <unfixed> (low; bug #873718)
+	- libgig 4.0.0-4 (low; bug #873718)
 	[stretch] - libgig <no-dsa> (Minor issue)
 	[jessie] - libgig <no-dsa> (Minor issue)
 	[wheezy] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
-	TODO: check, seem fixed with 4.0.0-4
+	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
 CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in ...)
 	- libgig <unfixed> (low; bug #873718)
 	[stretch] - libgig <no-dsa> (Minor issue)
 	[jessie] - libgig <no-dsa> (Minor issue)
 	[wheezy] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
-	TODO: check, seem fixed with 4.0.0-4, but fix uncovers one more problem
+	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349
 CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows ...)
-	- libgig <unfixed> (low; bug #873718)
+	- libgig 4.0.0-4 (low; bug #873718)
 	[stretch] - libgig <no-dsa> (Minor issue)
 	[jessie] - libgig <no-dsa> (Minor issue)
 	[wheezy] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
-	TODO: check, seem fixed with 4.0.0-4
+	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
 CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
 	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
 CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...)

More information about the Secure-testing-commits mailing list