[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2017-11333 for DSA-4113-1
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 22 15:56:58 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb901a44 by Salvatore Bonaccorso at 2018-03-22T16:55:15+01:00
Add CVE-2017-11333 for DSA-4113-1
- - - - -
1c89a1f7 by Salvatore Bonaccorso at 2018-03-22T16:55:56+01:00
Mark CVE-2017-11333 already fixed with the NMU from Guido
Upstream considers it fixed by limiting the channels to 256 channels.
Details in https://gitlab.xiph.org/xiph/vorbis/issues/2332
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41391,8 +41391,7 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
- - libvorbis 1.3.6-1 (low; bug #870341)
- [stretch] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
+ - libvorbis 1.3.5-4.1 (low; bug #870341)
[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
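Review bot: the [jessie] line left as context still reads "<postponed> (Minor issue, can be revisited once fixed upstream)", which no longer matches the commit message's statement that upstream considers the issue fixed by the 256-channel limit. Either revisit the jessie status or reword that reason so the entry is consistent. The rationale for moving the unstable fixed version from 1.3.6-1 to 1.3.5-4.1 also lives only in the commit message; a NOTE line under the entry stating that upstream treats the channel limit as the fix would keep the reasoning next to the existing issue 2332 reference.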
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -121,7 +121,7 @@
[jessie] - jackson-databind 2.4.2-2+deb8u3
[stretch] - jackson-databind 2.8.6-1+deb9u3
[14 Feb 2018] DSA-4113-1 libvorbis - security update
- {CVE-2017-14632 CVE-2017-14633}
+ {CVE-2017-11333 CVE-2017-14632 CVE-2017-14633}
[stretch] - libvorbis 1.3.5-4+deb9u1
[14 Feb 2018] DSA-4112-1 xen - security update
{CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566}
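Review bot: adding CVE-2017-11333 to the DSA-4113-1 brace list while "[stretch] - libvorbis 1.3.5-4+deb9u1" stays unchanged asserts that the already published stretch upload contains the fix, but neither this hunk nor the commit message "Add CVE-2017-11333 for DSA-4113-1" says why. The explanation (the 256-channel limit, with the upstream issue link) appears only in the following commit's message; consider stating it in this commit as well so the retroactive attribution can be checked from the commit that makes it.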
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/79078ddaf22047a54a188a32093d43b5499f2858...1c89a1f79e24f0563f4972ffe9d23cac237af982