[Secure-testing-commits] r56937 - in data: . CVE

Thorsten Alteholz alteholz at moszumanska.debian.org
Tue Oct 24 12:52:33 UTC 2017


Author: alteholz
Date: 2017-10-24 12:52:33 +0000 (Tue, 24 Oct 2017)
New Revision: 56937

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
follow security team and mark everything as <no-dsa>, patches still not available

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-10-24 09:26:33 UTC (rev 56936)
+++ data/CVE/list	2017-10-24 12:52:33 UTC (rev 56937)
@@ -10304,6 +10304,7 @@
 	- libytnef <unfixed> (bug #870817)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/51
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
 	- libquicktime <unfixed> (unimportant)
@@ -10312,11 +10313,13 @@
 	- libytnef <unfixed> (low; bug #870816)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/49
 CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in ...)
 	- libytnef <unfixed> (low; bug #870815)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/50
 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an ...)
 	{DLA-1081-1}
@@ -17825,30 +17828,35 @@
 	- libytnef <unfixed> (low; bug #870192)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/40
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
 CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
 	- libytnef <unfixed> (low; bug #870197)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/42
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
 CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote ...)
 	- libytnef <unfixed> (low; bug #870193)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/41
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
 CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote ...)
 	- libytnef <unfixed> (low; bug #870194)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/39
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
 CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote ...)
 	- libytnef <unfixed> (low; bug #870196)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/37
 	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
 CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC ...)
@@ -19077,6 +19085,7 @@
 	- libytnef <unfixed> (bug #862707)
 	[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
 	[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/47
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
 	- tikiwiki <removed>
@@ -19468,6 +19477,7 @@
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer ...)
 	- libytnef 1.9.2-2 (low; bug #862556)
 	[jessie] - libytnef <no-dsa> (Minor issue)
+	[wheezy] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/45
 CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
 	NOT-FOR-US: Joomla extension

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2017-10-24 09:26:33 UTC (rev 56936)
+++ data/dla-needed.txt	2017-10-24 12:52:33 UTC (rev 56937)
@@ -62,9 +62,6 @@
 libxml-libxml-perl
   NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet, sent email later
 --
-libytnef
-  NOTE: 20170813: patches missing
---
 linux
 --
 ming (Hugo Lefeuvre)




More information about the Secure-testing-commits mailing list