[Secure-testing-commits] r55478 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Sep 5 20:01:13 UTC 2017
Author: carnil
Date: 2017-09-05 20:01:12 +0000 (Tue, 05 Sep 2017)
New Revision: 55478
Modified:
data/CVE/list
Log:
Update smplayer issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-05 19:15:02 UTC (rev 55477)
+++ data/CVE/list 2017-09-05 20:01:12 UTC (rev 55478)
@@ -6221,10 +6221,14 @@
CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...)
NOT-FOR-US: Actian Pervasive PSQL server
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
- - smplayer <unfixed> (low; bug #870233)
+ - smplayer 17.7.0~ds0-1 (low; bug #870233)
[stretch] - smplayer <no-dsa> (Minor issue)
[jessie] - smplayer <no-dsa> (Minor issue)
[wheezy] - smplayer <not-affected> (vulnerable code not present)
+ NOTE: The version tracking here is not 100% since the vulnerable code still would
+ NOTE: be present in the source. Users though need to explicitly rebuilt the package
+ NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
+ NOTE: disabled by default on upstream since 17.2.0
CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...)
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870111)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
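Review bot: The added NOTE lines under the smplayer entry do not say why 17.7.0~ds0-1 is the version recorded as fixed when the same note states that YT_USE_YTSIG has been disabled by default upstream since 17.2.0. A reader cannot tell from the entry whether 17.7.0~ds0-1 is simply the first upload to unstable that carries the upstream default. One extra NOTE line saying so, if that is the case, would make the tracking decision auditable. Since the vulnerable code still ships in the source, it would also help to state explicitly that the package is considered fixed only in its default build configuration. Two wording fixes in the same lines: "not 100%" is missing its adjective (for example "not 100% accurate"), and "need to explicitly rebuilt the package" should read "need to explicitly rebuild the package".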