[Secure-testing-commits] r56900 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Oct 20 21:15:30 UTC 2017
Author: jmm
Date: 2017-10-20 21:15:30 +0000 (Fri, 20 Oct 2017)
New Revision: 56900
Modified:
data/CVE/list
Log:
remove undetermined apple libxml entries, no point
various no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-20 21:14:49 UTC (rev 56899)
+++ data/CVE/list 2017-10-20 21:15:30 UTC (rev 56900)
@@ -96,6 +96,8 @@
NOT-FOR-US: IKARUS Anti Virus
CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies ...)
- musl 1.1.17-1
+ [stretch] - musl <no-dsa> (Minor issue)
+ [jessie] - musl <no-dsa> (Minor issue)
NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
- sox <unfixed>
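Review bot: the two added `<no-dsa> (Minor issue)` lines for CVE-2017-15650 sit under a description that reads "buffer overflow via crafted DNS replies", and the reason does not say why that is minor for stretch and jessie. Suggest a more specific reason in the parentheses, so the triage decision can be re-checked later without reopening the upstream patch linked in the NOTE.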
@@ -163,6 +165,7 @@
RESERVED
CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
- mistune <unfixed> (bug #879098)
+ [stretch] - mistune <no-dsa> (Minor issue)
NOTE: https://github.com/lepture/mistune/pull/140
CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly ...)
NOT-FOR-US: Octopus Deploy
@@ -1548,7 +1551,9 @@
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
+ [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
- golang-1.7 <unfixed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
- golang <removed>
[wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1)
NOTE: https://github.com/golang/go/issues/22134
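Review bot: in the two added `<ignored>` lines the reason says "would require builds of all go packages in stable"; "rebuilds" is presumably what is meant. The same sentence is attached to both golang-1.8 and golang-1.7, so the wording should be corrected in both places.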
@@ -1558,7 +1563,9 @@
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
+ [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
- golang-1.7 <unfixed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
- golang <removed>
NOTE: https://github.com/golang/go/issues/22125
NOTE: https://golang.org/cl/68022
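Review bot: "Minor issue" on the added golang-1.8 and golang-1.7 lines is hard to square with the description at the top of this entry, which begins 'allows "go get" remote command'. The rebuild cost given after the comma looks like the actual reason for `<ignored>`; suggest either dropping "Minor issue" or stating the mitigating factor that makes it minor.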
@@ -2706,10 +2713,12 @@
CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 5)
CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...)
{DLA-1119-1}
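Review bot: both sam2p entries touched here already carry `{DLA-1127-1}`, so a fix has been published for another release, yet the added jessie lines give only "(Minor issue)". Suggest saying in the reason whether that fix is a candidate for a jessie point release, since `<no-dsa>` alone does not tell the reader.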
@@ -2746,18 +2755,22 @@
CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 1)
CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 6)
CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 3)
CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
{DLA-1127-1}
- sam2p <removed> (bug #876744)
+ [jessie] - sam2p <no-dsa> (Minor issue)
NOTE: https://github.com/pts/sam2p/issues/14 (bug 2)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
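Review bot: the identical `[jessie] - sam2p <no-dsa> (Minor issue)` line is added under five entries in this hunk, including CVE-2017-14628, whose description says "heap-based buffer overflow". Suggest a reason that covers the memory-corruption entries explicitly, or a single NOTE explaining why all of the issues from https://github.com/pts/sam2p/issues/14 are treated as minor.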
@@ -25523,7 +25536,7 @@
CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before ...)
NOT-FOR-US: Apple
CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
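Review bot: the replacement line for CVE-2017-7013 states `NOT-FOR-US`, but its own reason says "Possibly", so a definite status now rests on a guess, and the removed `- libxml2 <undetermined>` line was the only structured link to the libxml2 package. Suggest adding a NOTE that records the libxml2 association was dropped because it could not be determined, so the entry can be found again if more information turns up.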
@@ -25533,7 +25546,7 @@
NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
NOTE: Not covered by security support
CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
NOT-FOR-US: Apple
CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
@@ -61399,13 +61412,13 @@
CVE-2016-4617 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
NOT-FOR-US: Apple
CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4613 (An issue was discovered in certain Apple products. Safari before ...)
NOT-FOR-US: Apple
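Review bot: for CVE-2016-4616, CVE-2016-4615 and CVE-2016-4614 the existing NOTE "contacted Apple for more information, but no reply for quite a while" is kept under the new `NOT-FOR-US` line, and that NOTE is the real justification for the change. Suggest making the connection explicit in the NOT-FOR-US reason (the status is assumed because no answer was received) rather than leaving the reader to infer it from the line below.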
@@ -80439,9 +80452,9 @@
CVE-2015-7117 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
NOT-FOR-US: Apple QuickTime
CVE-2015-7116 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7115 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7114
REJECTED
CVE-2015-7113 (The LaunchServices component in Apple iOS before 9.2 and watchOS ...)
@@ -80756,6 +80769,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows ...)
- web2py 2.12.3-1
+ [jessie] - web2py <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0 (R-2.12.1)
NOTE: https://github.com/web2py/web2py/issues/731
CVE-2015-6960