[Secure-testing-commits] r55427 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2017-09-03 21:14:07 +0000 (Sun, 03 Sep 2017)
New Revision: 55427

Modified:
   data/CVE/list
Log:
unrar CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-03 21:10:16 UTC (rev 55426)
+++ data/CVE/list	2017-09-03 21:14:07 UTC (rev 55427)
@@ -1,9 +1,12 @@
 CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based ...)
-	TODO: check
+	- unrar-free <unfixed> (bug #874060)
+	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
 CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
-	TODO: check
+	- unrar-free <unfixed> (bug #874061)
+	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory ...)
-	TODO: check
+	- unrar-free <unfixed> (bug #874059)
+	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
 CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
 	TODO: check
 CVE-2017-14118 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
@@ -14,15 +17,6 @@
 	TODO: check
 CVE-2017-14115 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 ...)
 	TODO: check
-CVE-2017-XXXX [null pointer dereference]
-	- unrar-free <unfixed> (bug #874061)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
-CVE-2017-XXXX [stack overread vulnerability]
-	- unrar-free <unfixed> (bug #874060)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
-CVE-2017-XXXX [directory traversal vulnerability]
-	- unrar-free <unfixed> (bug #874059)
-	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
 CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
 	- rtpproxy <unfixed> (bug #874070)
 	NOTE: https://rtpbleed.com/