[Secure-testing-commits] r56065 - in data: . CVE
Thorsten Alteholz
alteholz at moszumanska.debian.org
Sat Sep 23 17:28:44 UTC 2017
Author: alteholz
Date: 2017-09-23 17:28:44 +0000 (Sat, 23 Sep 2017)
New Revision: 56065
Modified:
data/CVE/list
data/dla-needed.txt
Log:
following the security team
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-23 17:24:34 UTC (rev 56064)
+++ data/CVE/list 2017-09-23 17:28:44 UTC (rev 56065)
@@ -1261,6 +1261,7 @@
CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in ...)
- jasper <removed>
[jessie] - jasper <ignored> (Minor issue)
+ [wheezy] - jasper <ignored> (Minor issue)
NOTE: https://github.com/mdadams/jasper/issues/146
NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
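Review bot: The added [wheezy] line for CVE-2017-14229 gives "Minor issue" as its reason, but the second NOTE below it records the report as a possible false positive per the upstream issue comment. If that is the real basis for ignoring it in wheezy, the parenthetical should say so, so the decision can be revisited if upstream confirms the infinite loop.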
@@ -1582,6 +1583,7 @@
CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...)
- jasper <removed> (low)
[jessie] - jasper <ignored> (Minor issue)
+ [wheezy] - jasper <ignored> (Minor issue)
NOTE: https://github.com/mdadams/jasper/issues/147
CVE-2017-14131
RESERVED
@@ -2535,6 +2537,7 @@
CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the ...)
- jasper <removed> (low)
[jessie] - jasper <ignored> (Minor issue)
+ [wheezy] - jasper <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() in ...)
- jasper <removed> (unimportant)
@@ -13474,6 +13477,7 @@
CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...)
- jasper <removed>
[jessie] - jasper <no-dsa> (Minor issue)
+ [wheezy] - jasper <no-dsa> (Minor issue)
NOTE: https://github.com/mdadams/jasper/issues/140
CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
[experimental] - check-mk 1.4.0p9-1
@@ -26858,6 +26862,7 @@
CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in ...)
- jasper <removed>
[jessie] - jasper <no-dsa> (Minor issue)
+ [wheezy] - jasper <no-dsa> (Minor issue)
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...)
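Review bot: The added [wheezy] line for CVE-2017-6852 tags a heap-based buffer overflow in jpc_dec_decodepkt as <no-dsa> (Minor issue) with no reasoning beyond the copied jessie text. Matching jessie is consistent, but for a memory-corruption bug a short NOTE saying why it is judged minor for wheezy would make the triage auditable later.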
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-09-23 17:24:34 UTC (rev 56064)
+++ data/dla-needed.txt 2017-09-23 17:28:44 UTC (rev 56065)
@@ -43,11 +43,6 @@
--
imagemagick (Roberto C. Sánchez)
--
-jasper
- NOTE: 20170629, no patch available for the remaining CVEs yet, pinged upstream
- NOTE: 20170708: re-pinged upstream (lamby)
- NOTE: 20170813, no patches available yet
---
lame (Hugo Lefeuvre)
NOTE: 20170907: Upstream claims to have reproduced and fixed CVE-2017-{69-72}. asan outputs
NOTE: are not exactly identical, wait for more infos.
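Review bot: The jasper entry is removed from dla-needed.txt while its last NOTE (20170813) still says no patches are available, and the log message "following the security team" does not mention that the remaining jasper CVEs were tagged <ignored> or <no-dsa> for wheezy in this same revision. Saying that in the log would explain why the package leaves the queue without an upload.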