Author: carnil
Date: 2017-08-05 07:07:59 +0000 (Sat, 05 Aug 2017)
New Revision: 54309
Modified:
data/CVE/list
Log:
Mark swftools as unimportant, only CLI tool crashes
There is no actionable information provided by the reporter, which is
quite bad. It was as well only reported against an ancient version. I
assume the issues are still unfixed, but mark them as unimportant.
Furhtermore I directly forwarded the CVEs to upstream, which might be
able to trackle them down.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-05 06:29:08 UTC (rev 54308)
+++ data/CVE/list 2017-08-05 07:07:59 UTC (rev 54309)
@@ -5101,16 +5101,16 @@
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/74
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attackers ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might
allow ...)
NOT-FOR-US: IrfanView
@@ -10851,7 +10851,7 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from
Faulting Address ...)
- - swftools <undetermined>
+ - swftools <unfixed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for
values ...)
- lame 3.99.5+repack1-7
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
