[Secure-testing-commits] r55434 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Sep 4 17:53:42 UTC 2017


Author: jmm
Date: 2017-09-04 17:53:41 +0000 (Mon, 04 Sep 2017)
New Revision: 55434

Modified:
   data/CVE/list
Log:
libzip, qemu, libgig no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-04 09:10:15 UTC (rev 55433)
+++ data/CVE/list	2017-09-04 17:53:41 UTC (rev 55434)
@@ -41,7 +41,9 @@
 CVE-2017-14108
 	RESERVED
 CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 ...)
-	- libzip <unfixed> (bug #874010)
+	- libzip <unfixed> (low; bug #874010)
+	[stretch] - libzip <no-dsa> (Minor issue)
+	[jessie] - libzip <no-dsa> (Minor issue)
 	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
 	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
 CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
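Review bot: the CVE-2017-14107 entry keeps `- libzip <unfixed>` without recording a fixed version, although the description says the issue is in libzip before 1.3.0 and a NOTE already links the upstream commit. Consider adding a NOTE that 1.3.0 carries the fix, so the unstable line is closed when that version is uploaded. The first NOTE URL names _zip_cdir_grow in zip_dirent.c while the description names _zip_read_eocd64 in zip_open.c; a short remark on how the two relate would help whoever later backports the fix to stretch or jessie.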
@@ -1186,11 +1188,15 @@
 CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
 	NOT-FOR-US: Symantec ProxyClient
 CVE-2017-13673 (The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the ...)
-	- qemu <unfixed>
+	- qemu <unfixed> (low)
+	[stretch] - qemu <postponed> (Can be fixed along in a future DSA)
+	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
 CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator ...)
-	- qemu <unfixed> (bug #873851)
+	- qemu <unfixed> (low; bug #873851)
+	[stretch] - qemu <postponed> (Can be fixed along in a future DSA)
+	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
 	- qemu-kvm <removed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
 CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...)
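Review bot: on CVE-2017-13673 the added `[jessie] - qemu <postponed>` line needs a version check, because the description limits the bug to Qemu 2.8.0 through 2.9.0. If jessie ships a qemu older than 2.8.0, `<not-affected>` with a short reason is the accurate state, not `<postponed>`. Separately, the commit log reads "libzip, qemu, libgig no-dsa" while both qemu entries in this hunk are marked `<postponed>`; the log should name the state actually used.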
@@ -2734,23 +2740,33 @@
 	NOTE: https://github.com/Exiv2/exiv2/issues/58
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
 CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...)
-	- libgig <unfixed> (bug #873718)
+	- libgig <unfixed> (low; bug #873718)
+	[stretch] - libgig <no-dsa> (Minor issue)
+	[jessie] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
 	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in ...)
-	- libgig <unfixed> (bug #873718)
+	- libgig <unfixed> (low; bug #873718)
+	[stretch] - libgig <no-dsa> (Minor issue)
+	[jessie] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
 	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote ...)
-	- libgig <unfixed> (bug #873718)
+	- libgig <unfixed> (low; bug #873718)
+	[stretch] - libgig <no-dsa> (Minor issue)
+	[jessie] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
 	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in ...)
-	- libgig <unfixed> (bug #873718)
+	- libgig <unfixed> (low; bug #873718)
+	[stretch] - libgig <no-dsa> (Minor issue)
+	[jessie] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
 	TODO: check, seem fixed with 4.0.0-4, but fix uncovers one more problem
 CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows ...)
-	- libgig <unfixed> (bug #873718)
+	- libgig <unfixed> (low; bug #873718)
+	[stretch] - libgig <no-dsa> (Minor issue)
+	[jessie] - libgig <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
 	TODO: check, seem fixed with 4.0.0-4
 CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
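Review bot: all five libgig entries (CVE-2017-12950 through CVE-2017-12954) receive `<no-dsa> (Minor issue)` while the TODO under each still reads "check, seem fixed with 4.0.0-4", and the one under CVE-2017-12951 adds "but fix uncovers one more problem". Resolve the TODOs as part of this triage: if 4.0.0-4 does contain the fixes, replace `<unfixed>` with that version, and for CVE-2017-12951 record the remaining problem in a NOTE so it is not lost behind the no-dsa tag. The descriptions that name a version say libgig 4.0.0, so the [stretch] and [jessie] lines also need a check that those releases ship the affected code.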



