[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark CVE-2017-11333 as fixed with libvorbis unstable upload
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 22 15:51:52 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79078dda by Salvatore Bonaccorso at 2018-03-22T16:50:03+01:00
Mark CVE-2017-11333 as fixed with libvorbis unstable upload
The commit used by upstream is to address CVE-2017-16433, but it addresses
at the same time CVE-2017-11333 by limiting the number of channels to
no more than 256 channels.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41391,11 +41391,12 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
- - libvorbis <unfixed> (low; bug #870341)
+ - libvorbis 1.3.6-1 (low; bug #870341)
[stretch] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
+ NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
{DLA-1197-1}
- sox 14.4.2-2 (bug #870328)
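Review bot: The added `NOTE: Fixed by:` line under CVE-2017-11333 points at upstream commit a79ec216cd119069c68b8f3542c6a425a74ab993 but does not record that the commit was written for a different CVE and covers this one only through its limit of 256 channels; that reasoning lives in the commit message alone, so it is invisible to anyone reading data/CVE/list later. Consider a second NOTE directly below it, for example `NOTE: Upstream commit targets CVE-2017-16433; its channel limit (max 256) also addresses CVE-2017-11333`. Separately, the unchanged [stretch] and [jessie] lines remain `<postponed>` with the reason "can be revisited once fixed upstream", a condition this change now records as met, so both entries are due a follow-up triage.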
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/79078ddaf22047a54a188a32093d43b5499f2858