[Git][security-tracker-team/security-tracker][master] Record wavpack issues fixed in unstable

Salvatore Bonaccorso carnil at debian.org
Tue May 1 10:47:11 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29a7abf0 by Salvatore Bonaccorso at 2018-05-01T11:46:48+02:00
Record wavpack issues fixed in unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -108,25 +108,25 @@ CVE-2018-10542
 CVE-2018-10541
 	RESERVED
 CVE-2018-10540 (An issue was discovered in WavPack 5.1.0 and earlier for W64 input. ...)
-	- wavpack <unfixed> (bug #897271)
+	- wavpack 5.1.0-3 (bug #897271)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
 	NOTE: https://github.com/dbry/WavPack/issues/33
 CVE-2018-10539 (An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. ...)
-	- wavpack <unfixed> (bug #897271)
+	- wavpack 5.1.0-3 (bug #897271)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
 	NOTE: https://github.com/dbry/WavPack/issues/33
 CVE-2018-10538 (An issue was discovered in WavPack 5.1.0 and earlier for WAV input. ...)
-	- wavpack <unfixed> (bug #897271)
+	- wavpack 5.1.0-3 (bug #897271)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
 	NOTE: https://github.com/dbry/WavPack/issues/33
 CVE-2018-10537 (An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser ...)
-	- wavpack <unfixed> (bug #897271)
+	- wavpack 5.1.0-3 (bug #897271)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
@@ -134,7 +134,7 @@ CVE-2018-10537 (An issue was discovered in WavPack 5.1.0 and earlier. The W64 pa
 	NOTE: https://github.com/dbry/WavPack/issues/31
 	NOTE: https://github.com/dbry/WavPack/issues/32
 CVE-2018-10536 (An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser ...)
-	- wavpack <unfixed> (bug #897271)
+	- wavpack 5.1.0-3 (bug #897271)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
@@ -8577,14 +8577,14 @@ CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
 	NOT-FOR-US: Datto ALTO and SIRIS devices
 CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack ...)
 	{DSA-4125-1}
-	- wavpack <unfixed> (bug #889274)
+	- wavpack 5.1.0-3 (bug #889274)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/dbry/WavPack/issues/26
 	NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
 CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of ...)
 	{DSA-4125-1}
-	- wavpack <unfixed> (bug #889559)
+	- wavpack 5.1.0-3 (bug #889559)
 	[jessie] - wavpack <not-affected> (Vulnerable code not present)
 	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/dbry/WavPack/issues/28
@@ -9900,7 +9900,7 @@ CVE-2018-6760
 	RESERVED
 CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function of ...)
 	{DSA-4125-1}
-	- wavpack <unfixed> (bug #889276)
+	- wavpack 5.1.0-3 (bug #889276)
 	[jessie] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
 	[wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
 	NOTE: https://github.com/dbry/WavPack/issues/27



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29a7abf0a7b6f8ea94df3a56726ad74e119da5f4

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/29a7abf0a7b6f8ea94df3a56726ad74e119da5f4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180501/09983e7e/attachment.html>

More information about the debian-security-tracker-commits mailing list