Author: carnil Date: 2017-08-05 07:07:59 +0000 (Sat, 05 Aug 2017) New Revision: 54309
Modified: data/CVE/list Log: Mark swftools as unimportant, only CLI tool crashes There is no actionable information provided by the reporter, which is quite bad. It was as well only reported against an ancient version. I assume the issues are still unfixed, but mark them as unimportant. Furhtermore I directly forwarded the CVEs to upstream, which might be able to trackle them down. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-05 06:29:08 UTC (rev 54308) +++ data/CVE/list 2017-08-05 07:07:59 UTC (rev 54309) @@ -5101,16 +5101,16 @@ [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/74 CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...) - - swftools <undetermined> + - swftools <unfixed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...) - - swftools <undetermined> + - swftools <unfixed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...) - - swftools <undetermined> + - swftools <unfixed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...) - - swftools <undetermined> + - swftools <unfixed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...) NOT-FOR-US: IrfanView @@ -10851,7 +10851,7 @@ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...) - - swftools <undetermined> + - swftools <unfixed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...) - lame 3.99.5+repack1-7 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits