[Secure-testing-commits] r56619 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Oct 11 20:40:49 UTC 2017
Author: jmm
Date: 2017-10-11 20:40:49 +0000 (Wed, 11 Oct 2017)
New Revision: 56619
Modified:
data/CVE/list
Log:
mark a few no-dsa issues as ignored
remove bogus gnome-keyring entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-11 20:00:11 UTC (rev 56618)
+++ data/CVE/list 2017-10-11 20:40:49 UTC (rev 56619)
@@ -27190,9 +27190,9 @@
NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib ...)
- zziplib <unfixed> (bug #864150; bug #854727)
- [stretch] - zziplib <no-dsa> (Minor issue)
- [jessie] - zziplib <no-dsa> (Minor issue)
- [wheezy] - zziplib <no-dsa> (Minor issue)
+ [stretch] - zziplib <ignored> (Minor issue)
+ [jessie] - zziplib <ignored> (Minor issue)
+ [wheezy] - zziplib <ignored> (Minor issue)
NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block function ...)
{DSA-3878-1 DLA-994-1}
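Review bot: the three new <ignored> lines for CVE-2017-5977 keep the reason "Minor issue", which was already the <no-dsa> reason and does not explain why the state moved to <ignored> while the package line is still <unfixed>. CVE-2017-5976 just below is in the same function, zzip_mem_entry_extra_block, and carries DSA-3878-1 and DLA-994-1, so a short NOTE or a more specific reason saying why this one is handled differently would help anyone reading the entry later.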
@@ -27563,11 +27563,6 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/5
NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
-CVE-2017-XXXX [gnome-keyring lives on after ssh session stops]
- - gnome-keyring <unfixed> (low; bug #395572)
- [stretch] - gnome-keyring <no-dsa> (Minor issue)
- [jessie] - gnome-keyring <no-dsa> (Minor issue)
- [wheezy] - gnome-keyring <no-dsa> (Minor issue)
CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...)
- libapache2-mod-auth-openidc 2.1.5-1
[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
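Review bot: the removed CVE-2017-XXXX gnome-keyring block referenced bug #395572 with an <unfixed> state, and the log only calls it "bogus" without saying why. Please give the reason in the log message, and consider committing the removal separately from the <no-dsa> to <ignored> changes so it can be reviewed or reverted on its own.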
@@ -62169,9 +62164,9 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
- x11vnc <unfixed> (bug #672435)
- [stretch] - x11vnc <no-dsa> (Minor issue; workaround exits)
- [jessie] - x11vnc <no-dsa> (Minor issue; workaround exits)
- [wheezy] - x11vnc <no-dsa> (Minor issue; workaround exits)
+ [stretch] - x11vnc <ignored> (Minor issue; workaround exits)
+ [jessie] - x11vnc <ignored> (Minor issue; workaround exits)
+ [wheezy] - x11vnc <ignored> (Minor issue; workaround exits)
CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
- squid3 3.5.16-1 (bug #819784)
[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
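Review bot: the reason text on the three new x11vnc lines still reads "workaround exits", which should be "workaround exists"; since these lines are being rewritten anyway, fix the typo here. The entry also never says what the workaround for the -localhost IPv6 issue is, so a NOTE line naming it would make the <ignored> decision easier to verify.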
@@ -65975,9 +65970,9 @@
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
- policykit-1 <unfixed> (bug #816062; bug #812512)
- [stretch] - policykit-1 <no-dsa> (Minor issue)
- [jessie] - policykit-1 <no-dsa> (Minor issue)
- [wheezy] - policykit-1 <no-dsa> (Minor issue)
+ [stretch] - policykit-1 <ignored> (Minor issue)
+ [jessie] - policykit-1 <ignored> (Minor issue)
+ [wheezy] - policykit-1 <ignored> (Minor issue)
NOTE: Restricting ioctl on the kernel side seems the better approach
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746
CVE-2016-2558 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
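Review bot: the new <ignored> lines for CVE-2016-2568 give "Minor issue" as the reason, while the NOTE right below says restricting ioctl on the kernel side seems the better approach. If that is why policykit-1 will not be changed in stretch, jessie and wheezy, say so in the reason text, so the entry does not read as if the pkexec issue is being dismissed without a rationale.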