[Secure-testing-commits] r55580 - data/CVE
Ola Lundqvist
opal at moszumanska.debian.org
Fri Sep 8 19:29:09 UTC 2017
Author: opal
Date: 2017-09-08 19:29:08 +0000 (Fri, 08 Sep 2017)
New Revision: 55580
Modified:
data/CVE/list
Log:
Triaged nss.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-08 19:09:29 UTC (rev 55579)
+++ data/CVE/list 2017-09-08 19:29:08 UTC (rev 55580)
@@ -6734,21 +6734,45 @@
CVE-2017-11698 [heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704)]
RESERVED
- nss <unfixed> (bug #873259)
+ [wheezy] - nss <ignored> (Minor issue)
+ NOTE: From the redhat advisory it is possible to conclude that the
+ NOTE: exploit requires specially crafted NSS NDB files and it is very unlikely
+ NOTE: a problem for services or client software using NSS.
+ NOTE: It would be good if someone with actual access to
+ NOTE: the mozilla bug can confirm this so we do not rely on redhat solely.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
CVE-2017-11697 [Floating Point Exception in __hash_open (hash.c:229)]
RESERVED
- nss <unfixed> (bug #873258)
+ [wheezy] - nss <ignored> (Minor issue)
+ NOTE: From the redhat advisory it is possible to conclude that the
+ NOTE: exploit requires specially crafted NSS NDB files and it is very unlikely
+ NOTE: a problem for services or client software using NSS.
+ NOTE: It would be good if someone with actual access to
+ NOTE: the mozilla bug can confirm this so we do not rely on redhat solely.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
CVE-2017-11696 [heap-buffer-overflow (write of size 65544) in __hash_open (lib/dbm/src/hash.c:241)]
RESERVED
- nss <unfixed> (bug #873257)
+ [wheezy] - nss <ignored> (Minor issue)
+ NOTE: From the redhat advisory it is possible to conclude that the
+ NOTE: exploit requires specially crafted NSS NDB files and it is very unlikely
+ NOTE: a problem for services or client software using NSS.
+ NOTE: It would be good if someone with actual access to
+ NOTE: the mozilla bug can confirm this so we do not rely on redhat solely.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
CVE-2017-11695 [heap-buffer-overflow (write of size 8) in alloc_segs (lib/dbm/src/hash.c:1105)]
RESERVED
- nss <unfixed> (bug #873256)
+ [wheezy] - nss <ignored> (Minor issue)
+ NOTE: From the redhat advisory it is possible to conclude that the
+ NOTE: exploit requires specially crafted NSS NDB files and it is very unlikely
+ NOTE: a problem for services or client software using NSS.
+ NOTE: It would be good if someone with actual access to
+ NOTE: the mozilla bug can confirm this so we do not rely on redhat solely.
NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782
CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentials that ...)
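Review bot: The NOTE lines added under CVE-2017-11698, CVE-2017-11697, CVE-2017-11696 and CVE-2017-11695 name "the redhat advisory" as the basis for the `[wheezy] - nss <ignored> (Minor issue)` tag but give no URL for it, so the rationale cannot be checked from this file. Add a NOTE line with the advisory link in each entry, next to the existing seclists.org and bugzilla.mozilla.org links. The same notes say the conclusion still needs confirmation from someone with access to the Mozilla bug, so the `<ignored>` status rests on one unverified source. That is worth stating in the commit log as well, which currently says only "Triaged nss.", so the entries are revisited once the confirmation arrives.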