[Secure-testing-commits] r56764 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Oct 16 20:01:25 UTC 2017


Author: carnil
Date: 2017-10-16 20:01:25 +0000 (Mon, 16 Oct 2017)
New Revision: 56764

Modified:
   data/CVE/list
Log:
Add bug references for sox and mark issues as no-dsa

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-16 19:38:32 UTC (rev 56763)
+++ data/CVE/list	2017-10-16 20:01:25 UTC (rev 56764)
@@ -17,13 +17,19 @@
 CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
 	NOT-FOR-US: E-Sic
 CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #878808)
+	[stretch] - sox <no-dsa> (Minor issue)
+	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
 CVE-2017-15371 (There is a reachable assertion abort in the function ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #878809)
+	[stretch] - sox <no-dsa> (Minor issue)
+	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
 CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
-	- sox <unfixed>
+	- sox <unfixed> (bug #878810)
+	[stretch] - sox <no-dsa> (Minor issue)
+	[jessie] - sox <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
 CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...)
 	- mupdf <not-affected> (Vulnerable code introduced later)




More information about the Secure-testing-commits mailing list