[Secure-testing-commits] r56827 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Oct 18 15:55:45 UTC 2017
Author: jmm
Date: 2017-10-18 15:55:45 +0000 (Wed, 18 Oct 2017)
New Revision: 56827
Modified:
data/CVE/list
Log:
two unimportant linux issues fixed
mark yara as ignored
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-18 15:52:43 UTC (rev 56826)
+++ data/CVE/list 2017-10-18 15:55:45 UTC (rev 56827)
@@ -12015,8 +12015,8 @@
NOT-FOR-US: Android
CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in ...)
- yara 3.6.3+dfsg-1
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...)
NOT-FOR-US: Tilde CMS
@@ -14139,12 +14139,12 @@
- linux <unfixed> (unimportant)
NOTE: No security issue, only "exploitable" with malicious ISA cards
CVE-2017-9985 (The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...)
- - linux <unfixed> (unimportant)
+ - linux 4.13.4-1 (unimportant)
NOTE: No security issue, only "exploitable" with malicious ISA cards
NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196133
CVE-2017-9984 (The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in ...)
- - linux <unfixed> (unimportant)
+ - linux 4.13.4-1 (unimportant)
NOTE: No security issue, only "exploitable" with malicious ISA cards
NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196131
@@ -17275,8 +17275,8 @@
NOT-FOR-US: TP-Link
CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...)
- yara 3.6.2+dfsg-1 (low; bug #864517)
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/VirusTotal/yara/issues/678
NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably ...)
@@ -17357,8 +17357,8 @@
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
- yara 3.6.1+dfsg-1 (low; bug #864518)
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/VirusTotal/yara/issues/674
NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...)
@@ -17776,8 +17776,8 @@
- tikiwiki <removed>
CVE-2017-9304 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
- yara 3.6.1+dfsg-1 (bug #863842)
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/VirusTotal/yara/issues/674
NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running ...)
@@ -19132,8 +19132,8 @@
NOT-FOR-US: Simple Invoices
CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 ...)
- yara 3.6.0+dfsg-1
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/VirusTotal/yara/issues/658
NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
@@ -20823,8 +20823,8 @@
NOTE: https://core.trac.wordpress.org/ticket/25239
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...)
- yara 3.6.0+dfsg-1 (bug #861590)
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <ignored> (Minor issue, too intrusive to backport)
+ [jessie] - yara <ignored> (Minor issue, too intrusive to backport)
NOTE: https://github.com/VirusTotal/yara/issues/646
NOTE: https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e
CVE-2017-8293
More information about the Secure-testing-commits
mailing list