[Secure-testing-commits] r55972 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Sep 21 17:13:07 UTC 2017
Author: jmm
Date: 2017-09-21 17:13:07 +0000 (Thu, 21 Sep 2017)
New Revision: 55972
Modified:
data/CVE/list
Log:
kannel, libsndfile no-dsa
u-boot unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-21 15:20:02 UTC (rev 55971)
+++ data/CVE/list 2017-09-21 17:13:07 UTC (rev 55972)
@@ -1,5 +1,7 @@
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...)
- libsndfile <unfixed>
+ [stretch] - libsndfile <no-dsa> (Minor issue)
+ [jessie] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/318
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
- libvorbis <unfixed>
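Review bot: the unstable line for CVE-2017-14634 is left as "- libsndfile <unfixed>" with no urgency, while the two added release lines triage it as "<no-dsa> (Minor issue)". The kannel entry in this same commit gets "(low)" on its unstable line for the same decision. Consider adding "(low)" here as well so the two entries are triaged consistently.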
@@ -71,7 +73,9 @@
- bareos <unfixed>
NOTE: https://bugs.bareos.org/view.php?id=847
CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file after ...)
- - kannel <unfixed>
+ - kannel <unfixed> (low)
+ [stretch] - kannel <no-dsa> (Minor issue)
+ [jessie] - kannel <no-dsa> (Minor issue)
NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to ...)
- libraw <unfixed> (low)
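Review bot: the unstable line for CVE-2017-14609 carries no Debian bug number, only the upstream redmine NOTE below it, whereas the python-scrapy entry later in this diff has "(bug #875947)". If a bug exists or gets filed against kannel, add it next to the new urgency, in the same "(low; bug #...)" form the quagga entry uses. The log message also mentions only the no-dsa tagging, not the urgency change on this line.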
@@ -1255,6 +1259,8 @@
NOTE: http://www.openldap.org/its/index.cgi?findid=8703
CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memory ...)
- python-scrapy <unfixed> (bug #875947)
+ [stretch] - python-scrapy <no-dsa> (Minor issue)
+ [jessie] - python-scrapy <no-dsa> (Minor issue)
[wheezy] - python-scrapy <no-dsa> (Minor issue)
NOTE: http://blog.csdn.net/wangtua/article/details/75228728
NOTE: https://github.com/scrapy/scrapy/issues/482
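Review bot: the two added python-scrapy lines for CVE-2017-14158 are not covered by the log message, which names only kannel, libsndfile and u-boot. Anyone searching the history for when stretch and jessie were marked no-dsa for python-scrapy will not find this revision by its log; add python-scrapy to the first log line.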
@@ -33706,20 +33712,22 @@
RESERVED
CVE-2017-3226
RESERVED
- - u-boot <unfixed>
+ - u-boot <unfixed> (unimportant)
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
NOTE: it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
+ NOTE: Negligable security impact
CVE-2017-3225
RESERVED
- - u-boot <unfixed>
+ - u-boot <unfixed> (unimportant)
[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
NOTE: it in future versions.
NOTE: https://www.kb.cert.org/vuls/id/166743
+ NOTE: Negligable security impact
CVE-2017-3224 [OSPF implementation improperly determines LSA recency (VU#793496)]
RESERVED
- quagga <unfixed> (low; bug #871617)
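Review bot: both added NOTE lines (under CVE-2017-3226 and CVE-2017-3225) misspell "Negligible" as "Negligable", and the note gives no reason for the "(unimportant)" rating. The existing NOTE lines just above already hold the rationale (no built targets use ENV_AES by default, upstream has deprecated it), so the new line would be more useful if it tied the rating to that, for example "NOTE: Negligible security impact, ENV_AES not enabled in any built target".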