[Secure-testing-commits] r55449 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Sep 4 21:34:48 UTC 2017 

Author: jmm
Date: 2017-09-04 21:34:48 +0000 (Mon, 04 Sep 2017)
New Revision: 55449

Modified:
   data/CVE/list
Log:
new binutils issues
new jasper issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-04 21:29:41 UTC (rev 55448)
+++ data/CVE/list	2017-09-04 21:34:48 UTC (rev 55449)
@@ -1,13 +1,27 @@
 CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	- jasper <removed> (low)
+	[jessie] - jasper <ignored> (Minor issue)
+	NOTE: https://github.com/mdadams/jasper/issues/147
 CVE-2017-14131
 	RESERVED
 CVE-2017-14130 (The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary ...)
-	TODO: check
+	- binutils <unfixed> (low)
+	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058
+	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
 CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor ...)
-	TODO: check
+	- binutils <unfixed> (low)
+	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22047
+	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
 CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Descriptor ...)
-	TODO: check
+	- binutils <unfixed> (low)
+	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22059
+	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
 CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on ...)
 	NOT-FOR-US: Technicolor
 CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS. ...)

More information about the Secure-testing-commits mailing list