[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2015-8947 postponed until now

Thorsten Alteholz alteholz at debian.org
Tue Dec 17 18:25:25 GMT 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd33f741 by Thorsten Alteholz at 2019-12-17T18:23:06Z
CVE-2015-8947 postponed until now

- - - - -
4e1cc019 by Thorsten Alteholz at 2019-12-17T18:23:44Z
CVE-2017-14633 postponed until now

- - - - -
ff0325ab by Thorsten Alteholz at 2019-12-17T18:24:16Z
CVE-2017-11333 postponed until now

- - - - -
25eb0947 by Thorsten Alteholz at 2019-12-17T18:25:10Z
Reserve DLA-2039-1 for libvorbis

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -126047,7 +126047,6 @@ CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the funct
 CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
 	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (bug #876778)
-	[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
 	NOTE: https://github.com/xiph/vorbis/pull/34
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
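Review bot: The cross-reference line for CVE-2017-14633 still reads `{DSA-4113-1 DLA-1368-1}` after the `[jessie] - libvorbis <postponed>` line is dropped, although the data/DLA/list hunk in this push reserves DLA-2039-1 for this CVE. Make sure the cross-reference line is regenerated or updated so that the entry points at DLA-2039-1; otherwise nothing in this entry explains the jessie status once the triage note is gone.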
@@ -136075,7 +136074,6 @@ CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka
 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...)
 	{DSA-4113-1 DLA-1368-1}
 	- libvorbis 1.3.5-4.1 (low; bug #870341)
-	[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
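Review bot: The removal of the `[jessie] - libvorbis <postponed>` line for CVE-2017-11333 is committed separately (ff0325ab) from the DLA-2039-1 reservation (25eb0947), so at the intermediate commits the entry carries no jessie status at all. Consider folding the two libvorbis removals into the reservation commit, or reserving first, so that every commit leaves the entry with an explanation for jessie.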
@@ -180100,7 +180098,6 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote atta ...)
 	- harfbuzz 1.2.6-1
-	[jessie] - harfbuzz <no-dsa> (Minor issue, can be fixed via a DSA)
 	NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5)
 CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencr ...)
 	- ecryptfs-utils 111-1
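Review bot: The line removed for CVE-2015-8947 is tagged `<no-dsa>`, not `<postponed>`, so the commit message "CVE-2015-8947 postponed until now" does not match what is deleted here. The push also reserves no advisory for harfbuzz (the data/DLA/list hunk covers only libvorbis), which leaves the jessie status of this entry unexplained; a follow-up reservation or a short NOTE line stating the intent would close that gap.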


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Dec 2019] DLA-2039-1 libvorbis - security update
+	{CVE-2017-11333 CVE-2017-14633}
+	[jessie] - libvorbis 1.3.4-2+deb8u3
 [17 Dec 2019] DLA-2038-1 libssh - security update
 	{CVE-2019-14889}
 	[jessie] - libssh 0.6.3-4+deb8u4
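Review bot: The new DLA-2039-1 entry gives `1.3.4-2+deb8u3` as the jessie fix for both CVE-2017-11333 and CVE-2017-14633, and data/CVE/list points both entries at the same upstream commit a79ec216cd119069c68b8f3542c6a425a74ab993. Worth confirming that the deb8u3 upload carries a backport of that commit for both issues before the reservation is relied on, since the fixed version is recorded only here.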



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5f5db646e9893ed7d184f4911239f19c47567897...25eb0947fbff80d7bbb2c2e16d5cac3cbf75fa88
