Author: jmm Date: 2017-02-02 10:46:39 +0000 (Thu, 02 Feb 2017) New Revision: 48662
Modified: data/CVE/list Log: new mp3splt non-issue NFU Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-02 09:10:34 UTC (rev 48661) +++ data/CVE/list 2017-02-02 10:46:39 UTC (rev 48662) @@ -1,3 +1,9 @@ +CVE-2017-5681 [mp3splt: NULL pointer dereference in free_options] + RESERVED + - mp3splt <unfixed> (unimportant) + NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options + NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c + NOTE: No security impact, crash in CLI tool CVE-2017-5679 RESERVED CVE-2017-5678 @@ -6,20 +12,24 @@ RESERVED CVE-2017-5676 RESERVED -CVE-2017-5857 +CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref] - qemu <unfixed> [jessie] - qemu <not-affected> (Vulnerable code not present) - qemu-kvm <not-affected> (Vulnerable code not present) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382 NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21c -CVE-2017-5856 +CVE-2017-5856 [Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd] - qemu <unfixed> [jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release) - qemu-kvm <removed> NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19 NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342 +CVE-2016-10193 + NOT-FOR-US: espeak-ruby Ruby gem +CVE-2016-10194 + NOT-FOR-US: festivaltts4r CVE-2015-8981 NOT-FOR-US: podofo CVE-2017-5855 _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
