[Git][security-tracker-team/security-tracker][master] All planned updates were included in 8.11, last one checked lame

Salvatore Bonaccorso carnil at debian.org
Sat Jun 23 10:40:13 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58feb8a2 by Salvatore Bonaccorso at 2018-06-23T11:39:48+02:00
All planned updates were included in 8.11, last one checked lame

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41283,14 +41283,14 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow
 	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
 CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples ...)
 	- lame 3.99.5+repack1-8
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://sourceforge.net/p/lame/bugs/479/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
 	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in ...)
 	- lame 3.99.5+repack1-8
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://sourceforge.net/p/lame/bugs/478/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
 	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
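
Review bot: The new `[jessie] - lame 3.99.5+repack1-7+deb8u2` lines for CVE-2017-15046 and CVE-2017-15045 sit under NOTEs that justify the fixed version by the switch to libsndfile in 3.99.5+repack1-8, and the jessie version sorts below that upload. Consider adding a NOTE saying how the jessie upload addresses these two entries, so the record explains why a version lower than 3.99.5+repack1-8 counts as fixed.
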
@@ -41428,7 +41428,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini
 	NOTE: https://sourceforge.net/p/lame/bugs/477/
 CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malformed ...)
 	- lame 3.99.5+repack1-8
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://sourceforge.net/p/lame/bugs/480/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
 	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
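
Review bot: The hunk header shows CVE-2017-15019, another LAME 3.99.5 entry, directly above this block, but its jessie line is not touched here and it was not listed in data/next-oldstable-point-update.txt either. Since the commit message treats lame as fully checked for 8.11, it is worth confirming that the [jessie] status of CVE-2017-15019 is already final.
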
@@ -55052,7 +55052,7 @@ CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attack
 	NOT-FOR-US: IrfanView
 CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in ...)
 	- lame 3.99.5+repack1-8 (bug #867725)
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
 	NOTE: https://sourceforge.net/p/lame/bugs/482/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
@@ -55060,7 +55060,7 @@ CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
 	- lame 3.99.5+repack1-8 (bug #867725)
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
 	NOTE: https://sourceforge.net/p/lame/bugs/483/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
@@ -55068,7 +55068,7 @@ CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
 	- lame 3.99.5+repack1-8 (bug #867725)
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
 	NOTE: https://sourceforge.net/p/lame/bugs/481/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
@@ -55076,7 +55076,7 @@ CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
 	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
 CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in ...)
 	- lame 3.99.5+repack1-8 (bug #867725)
-	[jessie] - lame <no-dsa> (Minor issue)
+	[jessie] - lame 3.99.5+repack1-7+deb8u2
 	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
 	NOTE: https://sourceforge.net/p/lame/bugs/475/
 	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed


=====================================
data/next-oldstable-point-update.txt
=====================================
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,14 +0,0 @@
-CVE-2017-9872
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-9871
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-9870
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-9869
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-15046
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-15045
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
-CVE-2017-15018
-	[jessie] - lame 3.99.5+repack1-7+deb8u2
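
Review bot: The file is emptied rather than deleted (`@@ -1,14 +0,0 @@` with the path kept on the `+++` line), so confirm that anything reading data/next-oldstable-point-update.txt accepts a zero-length file. The seven CVE ids removed here match the seven [jessie] lines changed in data/CVE/list one for one, so no planned entry is dropped without a corresponding tracker update.
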



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58feb8a2de092c233fdda832d5b3070e984d0db9
