Author: jmm
Date: 2017-02-02 22:13:26 +0000 (Thu, 02 Feb 2017)
New Revision: 48670
Modified:
data/CVE/list
Log:
bugs filed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-02 21:10:13 UTC (rev 48669)
+++ data/CVE/list 2017-02-02 22:13:26 UTC (rev 48670)
@@ -430,7 +430,7 @@
RESERVED
CVE-2017-5857 [Qemu: display: virtio-gpu-3d: host memory leakage in
virgl_cmd_resource_unref]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #853996)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE:
https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
@@ -438,7 +438,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21c
CVE-2017-5856 [Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #853996)
[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or
point release)
- qemu-kvm <removed>
NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
@@ -467,7 +467,7 @@
NOT-FOR-US: podofo
CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and
putgreytile()]
RESERVED
- - netpbm-free <unfixed>
+ - netpbm-free <unfixed> (bug #853997)
NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
CVE-2017-5850
RESERVED
@@ -647,7 +647,7 @@
RESERVED
CVE-2017-5667 [sd: sdhci OOB access during multi block SDMA transfer]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #853996)
- qemu-kvm <removed>
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
@@ -7095,13 +7095,13 @@
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #853998)
CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #853998)
CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion ...)
NOT-FOR-US: Oracle
CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #853998)
CVE-2017-3246 (Vulnerability in the Oracle Application Object Library
component of ...)
NOT-FOR-US: Oracle
CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component
of ...)
@@ -27615,7 +27615,7 @@
CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
TODO: check
CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of
Oracle ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #853998)
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
NOT-FOR-US: Oracle
CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
@@ -27633,7 +27633,7 @@
CVE-2016-5520
RESERVED
CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server
component in ...)
- - glassfish <unfixed>
+ - glassfish <unfixed> (bug #853998)
CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data
...)
NOT-FOR-US: Oracle
CVE-2016-5517 (Unspecified vulnerability in the Oracle Applications DBA
component in ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
