[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: libvpx/jessie triage
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 27 20:28:26 UTC 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40394383 by Moritz Muehlenhoff at 2018-02-27T21:27:21+01:00
libvpx/jessie triage
elinks no-dsa
- - - - -
4bce8361 by Moritz Muehlenhoff at 2018-02-27T21:28:14+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -304,7 +304,9 @@ CVE-2018-7423
CVE-2017-18195 (An issue was discovered in tools/conversations/view_ajax.php in ...)
NOT-FOR-US: Concrete5
CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
- - elinks <unfixed> (bug #891575)
+ - elinks <unfixed> (low; bug #891575)
+ [stretch] - elinks <ignored> (Minor issue)
+ [jessie] - elinks <ignored> (Minor issue)
- links2 2.6-1 (bug #694658; bug #510417)
NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
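Review bot: the commit message says "elinks no-dsa", but the two suite lines added under CVE-2012-6709 use `<ignored>`, not `<no-dsa>`. Either change the `[stretch]` and `[jessie]` entries to `<no-dsa>` or reword the commit message so the log matches what the data file records.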
@@ -69535,6 +69537,7 @@ CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a rem
NOT-FOR-US: Android Telephony
CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...)
- libvpx 1.6.1-1
+ [jessie] - libvpx <ignored> (Minor issue)
[wheezy] - libvpx <no-dsa> (Minor issue)
NOTE: probably fixed earlier, but this was the version checked
NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable.
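Review bot: the new `[jessie]` line for CVE-2017-0393 uses `<ignored>` while the `[wheezy]` line directly below it uses `<no-dsa>` with the same "Minor issue" reason. If the different state is intentional, say why in the reason text or a NOTE. The existing NOTE confirms by code inspection only that the wheezy source is vulnerable, so a matching NOTE on whether the jessie source was checked would make the entry self-explanatory.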
@@ -79553,10 +79556,13 @@ CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Androi
NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- libvpx 1.6.1-1
+ [jessie] - libvpx <ignored> (Minpr issue)
[wheezy] - libvpx <not-affected> (Vulnerable code not present)
NOTE: probably fixed earlier, but this was the version checked
+ NOTE: https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- libvpx 1.6.1-1
+ [jessie] - libvpx <ignored> (Minpr issue)
[wheezy] - libvpx <no-dsa> (Minor issue)
NOTE: probably fixed earlier, but this was the version checked
NOTE: Wheezy is confirmed (by code inspection) to have vulnerable source.
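Review bot: typo in the reason text of both added `[jessie]` lines (CVE-2016-6712 and CVE-2016-6711): "Minpr issue" should read "Minor issue", as on the neighbouring `[wheezy]` lines. Worth fixing because anything that searches or groups entries by reason string will miss these two.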
@@ -89500,8 +89506,10 @@ CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-
NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx ...)
- libvpx 1.6.1-1
+ [jessie] - libvpx <ignored> (Minor issue)
[wheezy] - libvpx <not-affected> (Vulnerable source not present)
NOTE: probably fixed earlier, but this was the version checked
+ NOTE: https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in ...)
NOT-FOR-US: libstagefright
CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before ...)
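Review bot: the NOTE added at the end of the CVE-2016-3881 entry is a bare URL with no indication of what it points to. Prefix it with a short description, the way the elinks entry does with "Patch proposed upstream ...:", so a reader can tell what the link is without opening it. The same applies to the bare-URL NOTE added under CVE-2016-6712.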
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/337ffbe5a1fe7694ae3f09c610b0b8d4473ba11d...4bce83611d63330492c6633f581f056b497ed59f