[Secure-testing-commits] r56910 - data/CVE

Sat, 21 Oct 2017 14:43:45 -0700 

Author: jmm
Date: 2017-10-21 21:43:17 +0000 (Sat, 21 Oct 2017)
New Revision: 56910

Modified:
   data/CVE/list
Log:
updates on two additional lame issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-21 21:10:17 UTC (rev 56909)
+++ data/CVE/list       2017-10-21 21:43:17 UTC (rev 56910)
@@ -14743,17 +14743,21 @@
 CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows 
attackers to ...)
        NOT-FOR-US: IrfanView
 CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as 
used in ...)
-       - lame <unfixed> (bug #867725)
-       [stretch] - lame <no-dsa> (Minor issue)
+       - lame 3.99.5+repack1-8 (bug #867725)
        [jessie] - lame <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
        NOTE: https://sourceforge.net/p/lame/bugs/482/
+       NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
+       NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
+       NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
-       - lame <unfixed> (bug #867725)
-       [stretch] - lame <no-dsa> (Minor issue)
+       - lame 3.99.5+repack1-8 (bug #867725)
        [jessie] - lame <no-dsa> (Minor issue)
        NOTE: 
https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
        NOTE: https://sourceforge.net/p/lame/bugs/483/
+       NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
+       NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
+       NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
        - lame 3.99.5+repack1-8 (bug #867725)
        [jessie] - lame <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to