Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd33f741 by Thorsten Alteholz at 2019-12-17T18:23:06Z
CVE-2015-8947 postponed until now

- - - - -
4e1cc019 by Thorsten Alteholz at 2019-12-17T18:23:44Z
CVE-2017-14633 postponed until now

- - - - -
ff0325ab by Thorsten Alteholz at 2019-12-17T18:24:16Z
CVE-2017-11333 postponed until now

- - - - -
25eb0947 by Thorsten Alteholz at 2019-12-17T18:25:10Z
Reserve DLA-2039-1 for libvorbis

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -126047,7 +126047,6 @@ CVE-2017-14634 (In libsndfile 1.0.28, a 
divide-by-zero error exists in the funct
 CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read 
vulnerability ...)
        {DSA-4113-1 DLA-1368-1}
        - libvorbis 1.3.5-4.1 (bug #876778)
-       [jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
        NOTE: https://github.com/xiph/vorbis/pull/34
        NOTE: 
https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
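Review bot: The cross-reference line `{DSA-4113-1 DLA-1368-1}` under CVE-2017-14633 is left unchanged, although data/DLA/list in this same push ties DLA-2039-1 to this CVE. With the `[jessie] - libvorbis <postponed>` line gone, nothing in this entry records the jessie update; add DLA-2039-1 to the braces here or confirm that the line is regenerated from data/DLA/list.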
@@ -136075,7 +136074,6 @@ CVE-2017-11334 (The address_space_write_continue 
function in exec.c in QEMU (aka
 CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org 
libvorbi ...)
        {DSA-4113-1 DLA-1368-1}
        - libvorbis 1.3.5-4.1 (low; bug #870341)
-       [jessie] - libvorbis <postponed> (Minor issue, can be revisited once 
fixed upstream)
        NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
        NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
        NOTE: Fixed by: 
https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
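Review bot: The commit message for this removal (ff0325ab, "CVE-2017-11333 postponed until now") does not say what replaces the dropped `<postponed>` annotation. Naming DLA-2039-1 in the message, or folding this removal into the commit that reserves it (25eb0947), would let the history explain the change; as pushed, the entry carries no jessie line between those two commits.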
@@ -180100,7 +180098,6 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does 
not prevent the unencrypted
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows 
remote atta ...)
        - harfbuzz 1.2.6-1
-       [jessie] - harfbuzz <no-dsa> (Minor issue, can be fixed via a DSA)
        NOTE: 
https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e
 (1.0.5)
 CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the 
unencr ...)
        - ecryptfs-utils 111-1
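Review bot: The removed line for CVE-2015-8947 is `[jessie] - harfbuzz <no-dsa>`, not a `<postponed>` entry as the commit message of bd33f741 says, and unlike the two libvorbis CVEs nothing in this push replaces it: the data/DLA/list change covers libvorbis only. If a jessie harfbuzz update is planned, state that in the commit message; otherwise keep a jessie annotation so the status of this entry stays explicit.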


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Dec 2019] DLA-2039-1 libvorbis - security update
+       {CVE-2017-11333 CVE-2017-14633}
+       [jessie] - libvorbis 1.3.4-2+deb8u3
 [17 Dec 2019] DLA-2038-1 libssh - security update
        {CVE-2019-14889}
        [jessie] - libssh 0.6.3-4+deb8u4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5f5db646e9893ed7d184f4911239f19c47567897...25eb0947fbff80d7bbb2c2e16d5cac3cbf75fa88


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits