Author: jmm Date: 2017-08-09 22:52:04 +0000 (Wed, 09 Aug 2017) New Revision: 54495
Modified: data/CVE/list Log: wildmidi no-dsa/not-affected mame doesn't embed libnodefart in mame (checked jessie and stretch) jetty no-dsa mcollective no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-09 22:21:21 UTC (rev 54494) +++ data/CVE/list 2017-08-09 22:52:04 UTC (rev 54495) @@ -2554,24 +2554,32 @@ CVE-2017-11664 RESERVED - wildmidi <unfixed> + [stretch] - wildmidi <no-dsa> (Minor issue) + [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd CVE-2017-11663 RESERVED - wildmidi <unfixed> + [stretch] - wildmidi <no-dsa> (Minor issue) + [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd CVE-2017-11662 RESERVED - wildmidi <unfixed> + [stretch] - wildmidi <no-dsa> (Minor issue) + [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd CVE-2017-11661 RESERVED - wildmidi <unfixed> + [stretch] - wildmidi <no-dsa> (Minor issue) + [jessie] - wildmidi <not-affected> (vulnerable code not present) [wheezy] - wildmidi <not-affected> (vulnerable code not present) NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd @@ -4265,11 +4273,8 @@ CVE-2017-11120 RESERVED CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...) - - mame <unfixed> - xine-lib-1.2 <not-affected> (it is built with --disable-nosefart) - xine-lib <not-affected> (it is built with --disable-nosefart) - TODO: check - NOTE: mame is probably not affected CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in ...) NOT-FOR-US: OpenExif CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in ...) @@ -7846,8 +7851,11 @@ CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...) {DLA-1021-1 DLA-1020-1} - jetty9 9.2.22-1 (bug #864898) + [stretch] - jetty9 <no-dsa> (Minor issue) - jetty8 <removed> + [jessie] - jetty8 <no-dsa> (Minor issue) - jetty <removed> + [jessie] - jetty <no-dsa> (Minor issue) NOTE: https://github.com/eclipse/jetty.project/issues/1556 NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02 NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58 @@ -30189,6 +30197,7 @@ RESERVED CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...) - mcollective <unfixed> (bug #866711) + [jessie] - mcollective <no-dsa> (Minor issue) NOTE: https://puppet.com/security/cve/cve-2017-2292 NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0 CVE-2017-2291 @@ -57174,6 +57183,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8 CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet ...) - mcollective <unfixed> (bug #850968) + [jessie] - mcollective <no-dsa> (Minor issue) NOTE: https://puppet.com/security/cve/cve-2016-2788 NOTE: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise 2015.3.x ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits