[Secure-testing-commits] r56624 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Oct 11 21:16:38 UTC 2017


Author: carnil
Date: 2017-10-11 21:16:38 +0000 (Wed, 11 Oct 2017)
New Revision: 56624

Modified:
   data/CVE/list
Log:
Add two new libextractor CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-11 21:11:48 UTC (rev 56623)
+++ data/CVE/list	2017-10-11 21:16:38 UTC (rev 56624)
@@ -1,9 +1,15 @@
 CVE-2017-15268
 	RESERVED
 CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...)
-	TODO: check
+	- libextractor <unfixed>
+	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
+	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
 CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
-	TODO: check
+	- libextractor <unfixed>
+	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
+	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
 CVE-2017-15265 [use-after-free in /dev/snd/seq]
 	RESERVED
 	- linux <unfixed>




More information about the Secure-testing-commits mailing list