Author: anarcat
Date: 2017-08-31 14:00:27 +0000 (Thu, 31 Aug 2017)
New Revision: 55316

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
CVE-2017-7506 not present in wheezy

I have audited the code and the vulnerability is specifically bound to
the reds_on_main_agent_monitors_config function, which is simply not
present. A hostile message would fall through the code and not provoke
memory allocation or out of bounds access.



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-31 13:48:46 UTC (rev 55315)
+++ data/CVE/list       2017-08-31 14:00:27 UTC (rev 55316)
@@ -18429,6 +18429,7 @@
 CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds 
memory ...)
        {DSA-3907-1}
        - spice 0.12.8-2.2 (bug #868083)
+       [wheezy] - spice <not-affected> (Vulnerable code not introduced later)
 CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect 
authorization ...)
        - foreman <itp> (bug #663101)
 CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of 
the ...)
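Review bot: The parenthetical on the added [wheezy] line, "(Vulnerable code not introduced later)", says the opposite of what the log message states. The log says reds_on_main_agent_monitors_config is not present in wheezy, so the vulnerable code arrived in a later version. Drop the stray "not" to get "(Vulnerable code introduced later)", or word it as "(Vulnerable code not present)".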

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-08-31 13:48:46 UTC (rev 55315)
+++ data/dla-needed.txt 2017-08-31 14:00:27 UTC (rev 55316)
@@ -155,12 +155,6 @@
   NOTE: No patches. Contacted upstream. Waiting for feedback
   NOTE: > 12% of sponsors use sox hence I have decided to add it here.
 --
-spice (anarcat)
-  NOTE: CVE-2017-7506 already fixed in jessie. Can take patch there.
-  NOTE: (Markus Koschany) Patch from Jessie does not apply. Function
-  NOTE: reds_on_main_agent_monitors_config does not exist. Unclear how issue
-  NOTE: can be triggered/verified in this version
---
 tcpdump (Guido Günther)
   NOTE: Contacted upstream regarding CVE-2017-11543
   NOTE: package otherwise ready for upload
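Review bot: The removed spice entry held the only tracker-side record of why the jessie patch does not apply (the NOTE lines saying reds_on_main_agent_monitors_config does not exist), and once it is gone the audit conclusion survives only in the commit log. Consider adding a NOTE under CVE-2017-7506 in data/CVE/list that names the missing function, so the reasoning behind the not-affected status stays with the CVE entry.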


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
