[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add fixing version for wildmidi with unstable upload
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 7 12:29:12 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d259f4e by Salvatore Bonaccorso at 2018-01-07T13:28:07+01:00
Add fixing version for wildmidi with unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3105,7 +3105,7 @@ CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink t
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar ...)
- phpbb3 <removed>
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
- - wildmidi <unfixed> (bug #886503)
+ - wildmidi 0.4.2-1 (bug #886503)
NOTE: https://github.com/Mindwerks/wildmidi/issues/178
NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...)
@@ -29379,28 +29379,28 @@ CVE-2017-11665 (The ff_amf_get_field_value function in libavformat/rtmppkt.c in
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
NOTE: Fixed in 3.2.7
CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ...)
- - wildmidi <unfixed> (low; bug #871616)
+ - wildmidi 0.4.2-1 (low; bug #871616)
[stretch] - wildmidi <no-dsa> (Minor issue)
[jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ...)
- - wildmidi <unfixed> (low; bug #871616)
+ - wildmidi 0.4.2-1 (low; bug #871616)
[stretch] - wildmidi <no-dsa> (Minor issue)
[jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...)
- - wildmidi <unfixed> (low; bug #871616)
+ - wildmidi 0.4.2-1 (low; bug #871616)
[stretch] - wildmidi <no-dsa> (Minor issue)
[jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ...)
- - wildmidi <unfixed> (low; bug #871616)
+ - wildmidi 0.4.2-1 (low; bug #871616)
[stretch] - wildmidi <no-dsa> (Minor issue)
[jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d259f4eb0d230ad8151f1cd8b57597afd6f7511
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8d259f4eb0d230ad8151f1cd8b57597afd6f7511
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180107/6b86cfeb/attachment.html>
More information about the Secure-testing-commits
mailing list