[Git][security-tracker-team/security-tracker][master] Update information on some older CVEs to make tracking a bit more consistent

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 10 21:22:46 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7df72f1d by Salvatore Bonaccorso at 2021-07-10T22:22:25+02:00
Update information on some older CVEs to make tracking a bit more consistent

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -285213,8 +285213,7 @@ CVE-2016-8880
 	REJECTED
 CVE-2016-8866 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
 	{DLA-756-1}
-	- imagemagick <not-affected>
-	NOTE: For incomplete fix of CVE-2016-8862
+	- imagemagick <not-affected> (Incomplete fix for CVE-2016-8862 not applied)
 	NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
 	NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
 	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
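Review bot: The new inline reason on the imagemagick line for CVE-2016-8866, "(Incomplete fix for CVE-2016-8862 not applied)", gives a different rationale from the unchanged NOTE two lines below it, which says this is "not a real problem in imagemagick but caused by the "observer" (the address sanitizer)". A reader of the entry cannot tell which of the two is the basis for <not-affected>. Either make the inline reason match the NOTE, or add a short NOTE explaining how the two statements relate, so the entry carries one justification.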
@@ -290393,9 +290392,10 @@ CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick befo
 	NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
 CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image p ...)
 	{DLA-609-1}
-	- linux <not-affected>
+	- linux <not-affected> (Vulnerable code not present)
 	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
-	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
+	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version.
+	NOTE: Issue then was fixed in 3.2.81-2 in DLA-609-1
 	NOTE: https://www.openwall.com/lists/oss-security/2016/08/31/1
 CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ...)
 	{DLA-1599-1 DLA-619-1 DLA-618-1}
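Review bot: The added reason "(Vulnerable code not present)" on the linux line for CVE-2016-7118 is unqualified, yet the NOTE directly below states that wheezy "has already the issue in a released version" and that it was fixed in 3.2.81-2 in DLA-609-1. As written, the inline reason reads as contradicting both the NOTE and the {DLA-609-1} tag. Narrow the reason so it says where the code is absent, and keep the wheezy fixed version in the NOTE as the new line split already does.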
@@ -290914,8 +290914,7 @@ CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.
 	NOT-FOR-US: Adobe Flash Player
 CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavcodec/ ...)
 	- ffmpeg 7:3.1.3-1
-	- libav <not-affected>
-	NOTE: Vulnerable code not present in any Libav version.
+	- libav <not-affected> (Vulnerable code not present in any Libav version)
 CVE-2016-6919
 	RESERVED
 CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...)
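Review bot: With the reason folded into the libav line, the CVE-2016-6920 entry no longer has any NOTE line, so nothing in the entry points at the upstream fix or at what was checked to conclude "Vulnerable code not present in any Libav version". Consider adding a NOTE with the upstream reference for the decode_block fix, so the claim can be re-verified later from the entry alone.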
@@ -290979,10 +290978,9 @@ CVE-2016-6889
 	RESERVED
 CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1. ...)
 	- ffmpeg 7:3.1.3-1 (unimportant)
-	- libav <not-affected>
+	- libav <not-affected> (Vulnerable code not present in any Libav version)
 	NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/6
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
-	NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
 	- lshell <removed> (bug #834949)
 	[wheezy] - lshell <not-affected> (Vulnerable code not present)
@@ -294730,7 +294728,7 @@ CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offl
 	NOTE: Fixed by: https://git.kernel.org/linus/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 (3.17-rc1)
 	NOTE: Introduced by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
 CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux kerne ...)
-	- linux <not-affected>
+	- linux <not-affected> (Vulnerable code not present in a Debian released version)
 	NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4
 CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualc ...)
 	NOT-FOR-US: Qualcomm driver for Android
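Review bot: The reason added for CVE-2014-9903, "(Vulnerable code not present in a Debian released version)", depends on the NOTE "vulnerable code between 3.14-rc1 and 3.14-rc4", but the NOTE does not say that no package version in that range was part of a release, which is the step the reason relies on. Extend the NOTE to state that explicitly, and capitalise it to match the other NOTE lines if it is being touched anyway.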



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7df72f1d610cfb34e51ada1d49537eafed30be74
