[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Update entry for CVE-2017-11552
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 7 19:15:19 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
438ef6fd by Salvatore Bonaccorso at 2018-01-07T20:15:05+01:00
Update entry for CVE-2017-11552
Further analysis has shown that the issue has its roots in mpg321 itself
rather than libmad. Mark CVE as unimportant to indicate the nonissue.
Additionally MITRE was notified about the possibly wrong underlying
problem, so they can decide if the CVE should be assigned to src:mpg321.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29800,10 +29800,11 @@ CVE-2017-11553 (There is an illegal address access in the extend_alias_table fun
NOTE: Not reproducible in wheezy/jessie/stretch.
NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11552 (The mad_decoder_run function in decoder.c in libmad 0.15.1b allows ...)
- - libmad <unfixed> (low; bug #870406)
- [stretch] - libmad <no-dsa> (Minor issue)
- [jessie] - libmad <no-dsa> (Minor issue)
- [wheezy] - libmad <no-dsa> (Minor issue)
+ - libmad <unfixed> (unimportant; bug #870406)
+ NOTE: Futher analysis has shown that the underlying issue is in src:mpg321
+ NOTE: Cf. https://bugs.debian.org/870406#25 for more Details.
+ NOTE: MITRE associates the CVE with libmad, thus mark as unimportant for
+ NOTE: libmad to indicate the non-issue.
NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows ...)
- libid3tag 0.15.1b-5 (bug #870333)
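Review bot: The updated CVE-2017-11552 entry has no line that tracks src:mpg321, although the added NOTE says the underlying issue is there. With libmad now marked unimportant, nothing in the entry keeps the affected package visible. Consider adding a NOTE that points to the mpg321 bug, or a package line for mpg321 once the assignment is settled. Also, in the added NOTE lines, "Futher" should read "Further" and "Details" should be lower case.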
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/438ef6fd61eedb116f011f9b8066192bd9466c33