[Secure-testing-commits] r56666 - in data: . CVE

Thu Oct 12 21:14:48 UTC 2017

Author: jmm
Date: 2017-10-12 21:14:48 +0000 (Thu, 12 Oct 2017)
New Revision: 56666

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
libytnef no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-10-12 21:10:16 UTC (rev 56665)
+++ data/CVE/list	2017-10-12 21:14:48 UTC (rev 56666)
@@ -8925,15 +8925,21 @@
 	NOTE: Negligable security impact
 CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function ...)
 	- libytnef <unfixed> (bug #870817)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/51
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
 	- libquicktime <unfixed> (unimportant)
 	NOTE: Negligable security impact
 CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the ...)
-	- libytnef <unfixed> (bug #870816)
+	- libytnef <unfixed> (low; bug #870816)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/49
 CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in ...)
-	- libytnef <unfixed> (bug #870815)
+	- libytnef <unfixed> (low; bug #870815)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/50
 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an ...)
 	{DLA-1081-1}
@@ -16311,23 +16317,33 @@
 CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to ...)
 	NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
 CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote ...)
-	- libytnef <unfixed> (bug #870192)
+	- libytnef <unfixed> (low; bug #870192)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/40
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
 CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
-	- libytnef <unfixed> (bug #870197)
+	- libytnef <unfixed> (low; bug #870197)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/42
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
 CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote ...)
-	- libytnef <unfixed> (bug #870193)
+	- libytnef <unfixed> (low; bug #870193)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/41
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
 CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote ...)
-	- libytnef <unfixed> (bug #870194)
+	- libytnef <unfixed> (low; bug #870194)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/39
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
 CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote ...)
-	- libytnef <unfixed> (bug #870196)
+	- libytnef <unfixed> (low; bug #870196)
+	[stretch] - libytnef <no-dsa> (Minor issue)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/37
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
 CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC ...)
@@ -17945,7 +17961,8 @@
 CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
 	NOT-FOR-US: Trend Micro
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer ...)
-	- libytnef 1.9.2-2 (bug #862556)
+	- libytnef 1.9.2-2 (low; bug #862556)
+	[jessie] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/45
 CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
 	NOT-FOR-US: Joomla extension

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2017-10-12 21:10:16 UTC (rev 56665)
+++ data/dsa-needed.txt	2017-10-12 21:14:48 UTC (rev 56666)
@@ -31,8 +31,6 @@
 --
 libxml-libxml-perl (carnil)
 --
-libytnef
---
 linux
   Wait until more issues have piled up
 --


