Author: jmm
Date: 2017-05-09 19:31:19 +0000 (Tue, 09 May 2017)
New Revision: 51453
Modified:
data/CVE/list
Log:
various no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-09 19:04:29 UTC (rev 51452)
+++ data/CVE/list 2017-05-09 19:31:19 UTC (rev 51453)
@@ -62,7 +62,8 @@
- linux <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379
allows ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (low)
+ [jessie] - imagemagick <no-dsa> (Can be postponed until more severe
issue are around)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/467
CVE-2017-8828
RESERVED
@@ -1054,22 +1055,27 @@
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- binutils <unfixed>
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21434
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
CVE-2017-8396 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- binutils <unfixed>
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21432
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
CVE-2017-8395 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- binutils <unfixed>
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21431
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3
CVE-2017-8394 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- binutils <unfixed>
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21414
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2
CVE-2017-8393 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
- binutils <unfixed>
+ [jessie] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21412
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
CVE-2017-8392 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
@@ -1148,6 +1154,7 @@
NOTE: Fixed by:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote
attackers ...)
- rzip <unfixed> (bug #861614)
+ [jessie] - rzip <no-dsa> (Minor issue)
NOTE:
https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28
allows ...)
- libsndfile <unfixed> (bug #862203)
@@ -1351,6 +1358,7 @@
NOTE:
http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote
...)
- yara <unfixed> (bug #861590)
+ [jessie] - yara <no-dsa> (Minor issue)
NOTE: https://github.com/VirusTotal/yara/issues/646
NOTE:
https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e
CVE-2017-8293
@@ -3802,6 +3810,7 @@
NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in
Artifex ...)
- ghostscript <unfixed> (bug #860869)
+ [jessie] - ghostscript <no-dsa> (Minor issue)
[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to
re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
NOTE: I got the reproducer file from the bug submitter and tried to
reproduce it.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
