[Secure-testing-commits] r56186 - data/CVE

Hugo Lefeuvre hle at moszumanska.debian.org
Wed Sep 27 09:49:27 UTC 2017


Author: hle
Date: 2017-09-27 09:49:27 +0000 (Wed, 27 Sep 2017)
New Revision: 56186

Modified:
   data/CVE/list
Log:
mp3gain: add links to stacktraces/reproducers for CVE-2017-144(06->12)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-27 09:39:23 UTC (rev 56185)
+++ data/CVE/list	2017-09-27 09:49:27 UTC (rev 56186)
@@ -951,18 +951,25 @@
 	NOT-FOR-US: D-Link
 CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
 CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
 CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
 CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
 CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
 CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
 CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface.c ...)
 	- mp3gain <removed>
+	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
 CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file ...)
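
Review bot: On the CVE-2017-14410, CVE-2017-14408 and CVE-2017-14407 entries, the linked post slugs say "buffer-overflow" while the CVE descriptions say "over-read", so a reader cannot tell at a glance that the link belongs to that CVE. The function names in those URLs (iii_i_stereo, dct36, filteryule) do match the descriptions, so the pairing looks right, but with seven near-identical URLs added at once it is worth checking each one against its CVE. The count itself agrees with the log message: seven NOTE lines, one per entry from CVE-2017-14406 to CVE-2017-14412, and the hunk grows from 18 to 25 lines. Since the NOTE lines are bare URLs, a short suffix saying what the link holds (stacktrace, reproducer) would carry the intent of the log message into data/CVE/list itself.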
