Author: carnil
Date: 2017-08-08 20:56:59 +0000 (Tue, 08 Aug 2017)
New Revision: 54455

Modified:
   data/CVE/list
Log:
Update status for CVE-2017-11720

The reproducer is in meanwhile open, and indeed this is a duplicate of
the #777159 bug, and as well of the bug reported by Agostino Sarubbo
from Gentoo.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-08 20:45:03 UTC (rev 54454)
+++ data/CVE/list       2017-08-08 20:56:59 UTC (rev 54455)
@@ -2190,9 +2190,8 @@
        NOTE: 
https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934
        NOTE: Also affects openjk (only in experimental; fixed in 
0~20170718+dfsg1-2
 CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, 
caused by a ...)
-       - lame <unfixed> (low; bug #870809)
-       [stretch] - lame <no-dsa> (Minor issue)
-       [jessie] - lame <no-dsa> (Minor issue)
+       - lame 3.99.5+repack1-6 (low; bug #870809; bug #777159)
+       [wheezy] - lame 3.99.5+repack1-3+deb7u1
        NOTE: https://sourceforge.net/p/lame/bugs/460/
        NOTE: Duplicate/same as: 
https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
 CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in 
FFmpeg ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to