[Secure-testing-commits] r56483 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Oct 7 08:52:25 UTC 2017


Author: carnil
Date: 2017-10-07 08:52:25 +0000 (Sat, 07 Oct 2017)
New Revision: 56483

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
Merge first set of fixes for Stretch point release (9.2)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-07 08:38:49 UTC (rev 56482)
+++ data/CVE/list	2017-10-07 08:52:25 UTC (rev 56483)
@@ -3725,43 +3725,43 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
 CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
 CVE-2017-13733 (There is an illegal address access in the fmt_entry function in ...)
 	- ncurses 6.0+20170902-1 (bug #873746)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
 CVE-2017-13732 (There is an illegal address access in the function dump_uses() in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
 CVE-2017-13731 (There is an illegal address access in the function ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
 CVE-2017-13730 (There is an illegal address access in the function ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
 CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
 CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
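Review bot: In the CVE-2017-13733 entry, unstable is marked fixed in 6.0+20170902-1 (bug #873746), a later upload than the 6.0+20170827-1 (bug #873723) recorded for the other six entries in this hunk, yet its [stretch] line gets the same 6.0+20161126-1+deb9u1 as the rest. That string matches what next-point-update.txt carried for this CVE, so the merge is faithful to the staging file. It is still worth confirming that the deb9u1 upload includes the later fmt_entry fix and not only the 20170827 batch, because this line alone is what marks stretch as fixed for the CVE.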
@@ -10345,7 +10345,7 @@
 	RESERVED
 CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...)
 	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
-	[stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
+	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
 	NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
 	NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
 CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
@@ -11328,13 +11328,13 @@
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
 	- ncurses 6.0+20170701-1
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
 CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...)
 	- ncurses 6.0+20170701-1
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
@@ -11818,14 +11818,14 @@
 CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...)
 	{DLA-1089-1}
 	- irssi 1.0.4-1 (low; bug #867598)
-	[stretch] - irssi <no-dsa> (Minor issue)
+	[stretch] - irssi 1.0.2-1+deb9u2
 	[jessie] - irssi <no-dsa> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
 	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
 CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
 	{DLA-1089-1}
 	- irssi 1.0.4-1 (low; bug #867598)
-	[stretch] - irssi <no-dsa> (Minor issue)
+	[stretch] - irssi 1.0.2-1+deb9u2
 	[jessie] - irssi <no-dsa> (Minor issue)
 	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
 	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
@@ -11902,7 +11902,7 @@
 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
 	{DLA-1044-1}
 	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
-	[stretch] - ipsec-tools <no-dsa> (Will be fixed via point release)
+	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
 	[jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
 	NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
 	NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
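Review bot: The [jessie] line for CVE-2016-10396 still reads "<no-dsa> (Will be fixed via point release)" after this change, while only the [stretch] line moves to a fixed version. The description calls the racoon issue remotely exploitable, so please check that the ipsec-tools fix is also queued for a jessie point release; otherwise the remaining "will be fixed" note has nothing tracking it once the stretch staging entry is gone.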
@@ -12453,13 +12453,13 @@
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
 CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entry ...)
 	- ncurses 6.0+20170701-1
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
 CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry ...)
 	- ncurses 6.0+20170708-1
-	[stretch] - ncurses <no-dsa> (Minor issue)
+	[stretch] - ncurses 6.0+20161126-1+deb9u1
 	[jessie] - ncurses <no-dsa> (Minor issue)
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
@@ -15329,11 +15329,11 @@
 	NOT-FOR-US: Infotecs ViPNet Client and Coordinator
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
 	- kdepim 4:16.04.3-4 (bug #864804)
-	[stretch] - kdepim <no-dsa> (Minor issue)
+	[stretch] - kdepim 4:16.04.3-4~deb9u1
 	[jessie] - kdepim <no-dsa> (Minor issue)
 	[wheezy] - kdepim <not-affected> (sendlater issue is not present in kdepim-4.4.11.1+l10n)
 	- kf5-messagelib 4:16.04.3-3 (bug #864803)
-	[stretch] - kf5-messagelib <no-dsa> (Minor issue)
+	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
 	NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
 	NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
 	NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
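Review bot: Both [stretch] lines added for CVE-2017-9604 use a ~deb9u1 suffix (4:16.04.3-4~deb9u1 and 4:16.04.3-3~deb9u1), where every other entry in this commit uses +deb9uN. The strings match what next-point-update.txt listed, and ~ sorts before the unstable versions 4:16.04.3-4 and 4:16.04.3-3 on the lines above them, which is consistent with rebuilds of the unstable uploads, so this looks deliberate. Just confirm they match the uploaded versions character for character, since a + in place of ~ would change the version ordering.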
@@ -83810,7 +83810,7 @@
 	REJECTED
 CVE-2015-5191 (VMware Tools prior to 10.0.9 contains multiple file system races in ...)
 	- open-vm-tools 2:10.1.5-5055683-5 (low; bug #869633)
-	[stretch] - open-vm-tools <no-dsa> (Minor issue)
+	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
 	[jessie] - open-vm-tools <not-affected> (Vulnerable code not present)
 	[wheezy] - open-vm-tools <not-affected> (Vulnerable code not present)
 	NOTE: 9.10.x: https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2017-10-07 08:38:49 UTC (rev 56482)
+++ data/next-point-update.txt	2017-10-07 08:52:25 UTC (rev 56483)
@@ -1,38 +1,3 @@
-CVE-2017-11113
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-11112
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-10684
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-10685
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13728
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13729
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13730
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13731
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13732
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13733
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13734
-	[stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-9604
-	[stretch] - kdepim 4:16.04.3-4~deb9u1
-	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
-CVE-2015-5191
-	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
-CVE-2017-11421
-	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
-CVE-2016-10396
-	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
-CVE-2017-10966
-	[stretch] - irssi 1.0.2-1+deb9u2
-CVE-2017-10965
-	[stretch] - irssi 1.0.2-1+deb9u2
 CVE-2017-6257
 	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
 CVE-2017-6259
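Review bot: The log message says only "first set" and does not name what this hunk moves out of next-point-update.txt; listing the packages (ncurses, kdepim, kf5-messagelib, open-vm-tools, gnome-exe-thumbnailer, ipsec-tools, irssi) would make the revision easier to find later. The removal itself checks out: the 35 deleted lines hold 17 CVE ids and 18 [stretch] entries, and each has a matching + line with an identical version string in the data/CVE/list hunks of this revision, so nothing leaves the staging file without landing in the list.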



