[Secure-testing-commits] r56159 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Sep 26 17:41:29 UTC 2017 

Author: jmm
Date: 2017-09-26 17:41:29 +0000 (Tue, 26 Sep 2017)
New Revision: 56159

Modified:
   data/CVE/list
Log:
libarchive no-dsa
mark three apple-reported issues as NFU


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-26 17:19:00 UTC (rev 56158)
+++ data/CVE/list	2017-09-26 17:41:29 UTC (rev 56159)
@@ -640,6 +640,8 @@
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
 CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
 	- libarchive <unfixed> (bug #875966)
+	[stretch] - libarchive <no-dsa> (Minor issue)
+	[jessie] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/issues/949
 CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
 	{DSA-3977-1 DLA-1104-1}
@@ -22379,7 +22381,8 @@
 CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
 	NOT-FOR-US: Apple
 CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
-	- libarchive <undetermined>
+	NOT-FOR-US: Apple / libarchive
+	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
 CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-7066
@@ -36425,7 +36428,8 @@
 CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, ...)
 	NOT-FOR-US: Apple
 CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	- libarchive <undetermined>
+	NOT-FOR-US: Apple / libarchive
+	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
 CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before ...)
@@ -58095,7 +58099,8 @@
 CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and ...)
 	NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers to cause ...)
-	- libarchive <undetermined>
+	NOT-FOR-US: Apple / libarchive
+	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
 CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
 	NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)

More information about the Secure-testing-commits mailing list