Author: jmm
Date: 2017-08-09 22:52:04 +0000 (Wed, 09 Aug 2017)
New Revision: 54495
Modified:
data/CVE/list
Log:
wildmidi no-dsa/not-affected
mame doesn't embed libnodefart in mame (checked jessie and stretch)
jetty no-dsa
mcollective no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-09 22:21:21 UTC (rev 54494)
+++ data/CVE/list 2017-08-09 22:52:04 UTC (rev 54495)
@@ -2554,24 +2554,32 @@
CVE-2017-11664
RESERVED
- wildmidi <unfixed>
+ [stretch] - wildmidi <no-dsa> (Minor issue)
+ [jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11663
RESERVED
- wildmidi <unfixed>
+ [stretch] - wildmidi <no-dsa> (Minor issue)
+ [jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11662
RESERVED
- wildmidi <unfixed>
+ [stretch] - wildmidi <no-dsa> (Minor issue)
+ [jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11661
RESERVED
- wildmidi <unfixed>
+ [stretch] - wildmidi <no-dsa> (Minor issue)
+ [jessie] - wildmidi <not-affected> (vulnerable code not present)
[wheezy] - wildmidi <not-affected> (vulnerable code not present)
NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
NOTE:
https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
@@ -4265,11 +4273,8 @@
CVE-2017-11120
RESERVED
CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in
libnosefart.a ...)
- - mame <unfixed>
- xine-lib-1.2 <not-affected> (it is built with --disable-nosefart)
- xine-lib <not-affected> (it is built with --disable-nosefart)
- TODO: check
- NOTE: mame is probably not affected
CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp
in ...)
NOT-FOR-US: OpenExif
CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp
in ...)
@@ -7846,8 +7851,11 @@
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
{DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
+ [stretch] - jetty9 <no-dsa> (Minor issue)
- jetty8 <removed>
+ [jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
+ [jessie] - jetty <no-dsa> (Minor issue)
NOTE: https://github.com/eclipse/jetty.project/issues/1556
NOTE:
https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
NOTE:
https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
@@ -30189,6 +30197,7 @@
RESERVED
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from
agents ...)
- mcollective <unfixed> (bug #866711)
+ [jessie] - mcollective <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2017-2292
NOTE:
https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
CVE-2017-2291
@@ -57174,6 +57183,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet ...)
- mcollective <unfixed> (bug #850968)
+ [jessie] - mcollective <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/cve-2016-2788
NOTE:
https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise
2015.3.x ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
