Author: jmm
Date: 2017-08-08 19:51:38 +0000 (Tue, 08 Aug 2017)
New Revision: 54444
Modified: data/CVE/list Log: new firefox issues jasper no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-08 18:33:28 UTC (rev 54443) +++ data/CVE/list 2017-08-08 19:51:38 UTC (rev 54444) @@ -7311,6 +7311,7 @@ RESERVED CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...) - jasper <removed> + [jessie] - jasper <no-dsa> (Minor issue) NOTE: https://github.com/mdadams/jasper/issues/140 CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...) - check-mk <unfixed> (bug #865497) 
@@ -13212,70 +13213,109 @@ RESERVED CVE-2017-7808 RESERVED + - firefox <unfixed> CVE-2017-7807 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7806 RESERVED + - firefox <unfixed> CVE-2017-7805 RESERVED CVE-2017-7804 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: Might be Windows-specific CVE-2017-7803 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7802 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7801 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7800 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7799 RESERVED + - firefox <unfixed> CVE-2017-7798 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7797 RESERVED + - firefox <unfixed> CVE-2017-7796 RESERVED + - firefox <not-affected> (Windows-specific) CVE-2017-7795 RESERVED CVE-2017-7794 RESERVED + - firefox <unfixed> CVE-2017-7793 RESERVED CVE-2017-7792 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7791 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7790 RESERVED + - firefox <not-affected> (Windows-specific) CVE-2017-7789 [Firefox ignores Strict-Transport-Security when two more STS headers are sent from server] RESERVED - firefox <unfixed> (low) - - firefox-esr <unfixed> (low) - [stretch] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore) - [jessie] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore) - [wheezy] - firefox-esr <no-dsa> (Wait for next ESR release, if it doesn't get merged into ESR ignore) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642 CVE-2017-7788 RESERVED + - firefox <unfixed> CVE-2017-7787 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7786 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7785 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7784 RESERVED + - firefox <unfixed> + - 
firefox-esr <unfixed> CVE-2017-7783 RESERVED + - firefox <unfixed> CVE-2017-7782 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: Might be Windows-specific CVE-2017-7781 RESERVED + - firefox <unfixed> CVE-2017-7780 RESERVED + - firefox <unfixed> CVE-2017-7779 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7778 RESERVED {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} @@ -13457,6 +13497,8 @@ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754 CVE-2017-7753 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> CVE-2017-7752 RESERVED {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} @@ -20379,16 +20421,17 @@ CVE-2017-5582 RESERVED CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in ...) - - jasper <unfixed> + - jasper <removed> + [jessie] - jasper <no-dsa> (Minor issue) NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114 NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10 CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...) - - jasper <unfixed> (unimportant) + - jasper <removed> (unimportant) NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112 NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8 NOTE: Not suitable for code injection, hardly denial of service CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...) - - jasper <unfixed> (unimportant) + - jasper <removed> (unimportant) NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113 NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9 NOTE: Not suitable for code injection, hardly denial of service
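Review bot: in the first hunk (CVE-2017-9782), the added "[jessie] - jasper <no-dsa> (Minor issue)" is the only per-release line, whereas the CVE-2017-7789 lines removed in the firefox hunk show this file annotating [stretch], [jessie] and [wheezy] separately. Please confirm that jessie is the only release the decision applies to, or add the matching lines for the other releases.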
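Review bot: under CVE-2017-7789 in the firefox hunk (@@ -13212,70 +13213,109 @@), the "- firefox-esr <unfixed> (low)" line and its three "<no-dsa> (Wait for next ESR release, ...)" lines are dropped, which the log message ("new firefox issues jasper no-dsa") does not mention and which leaves the entry silent on firefox-esr. If ESR is not affected, record that explicitly with a firefox-esr line or a NOTE; otherwise keep the tracking lines. In the same hunk, CVE-2017-7804 and CVE-2017-7782 are marked <unfixed> with "NOTE: Might be Windows-specific" while CVE-2017-7796 and CVE-2017-7790 are already "<not-affected> (Windows-specific)", so those two need a follow-up once the platform scope is confirmed.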
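Review bot: the new CVE-2017-7753 lines in the third hunk (@@ -13457,6 +13497,8 @@) carry no reference, while the context line directly above them links the Mozilla advisory for CVE-2017-7754. Adding a NOTE with the corresponding advisory URL would make the <unfixed> status for firefox and firefox-esr checkable by the next person who touches the entry.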
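Review bot: in the last hunk (@@ -20379,16 +20421,17 @@), CVE-2017-6852 is described as a heap-based buffer overflow in jpc_dec_decodepkt yet gets "[jessie] - jasper <no-dsa> (Minor issue)" with no supporting NOTE, unlike CVE-2017-6850 and CVE-2017-6851 just below it, which justify their (unimportant) tag with "Not suitable for code injection, hardly denial of service". Add a one-line NOTE stating why this overflow is considered minor so the triage can be re-checked later.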