Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
31a54c53 by Salvatore Bonaccorso at 2019-07-27T19:00:15Z
swftools removed from unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -93870,7 +93870,7 @@ CVE-2017-16892 (In Bftpd before 4.7, there is a memory
leak in the file rename f
CVE-2017-16891
RESERVED
CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the
wav_convert2mono func ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/57
NOTE: Crash in CLI tool, no security impact
CVE-2017-16889
@@ -94062,7 +94062,7 @@ CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94
allows remote attackers to
NOTE: https://github.com/upx/upx/issues/146
NOTE: crash in CLI tool, no security impact
CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c
does not ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/52
NOTE: Crash in CLI tool, no security impact
CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11
deauthentica ...)
@@ -94153,31 +94153,31 @@ CVE-2017-1000189 (nodejs ejs version older than 2.5.5
is vulnerable to a denial-
CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a
Cross-site-scri ...)
NOT-FOR-US: nodejs ejs
CVE-2017-1000187 (In SWFTools, an address access exception was found in
pdf2swf. FoFiTru ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/36
NOTE: Crash in CLI tool, no security implications
CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/34
NOTE: Crash in CLI tool, no security implications
CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf.
...)
- - swftools <unfixed>
+ - swftools <removed>
[stretch] - swftools <no-dsa> (Minor issue)
[jessie] - swftools <no-dsa> (Minor issue)
[wheezy] - swftools <no-dsa> (Minor issue)
NOTE: https://github.com/matthiaskramm/swftools/issues/33
CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/30
NOTE: Crash in CLI tool, no security implications
CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
- - swftools <unfixed>
+ - swftools <removed>
[stretch] - swftools <no-dsa> (Minor issue)
[jessie] - swftools <no-dsa> (Minor issue)
[wheezy] - swftools <no-dsa> (Minor issue)
NOTE: https://github.com/matthiaskramm/swftools/issues/23
CVE-2017-1000174 (In SWFTools, an address access exception was found in
swfdump swf_GetB ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/21
NOTE: Crash in CLI tool, no security implications
CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code
Execution. ...)
@@ -94605,23 +94605,23 @@ CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in
modules/New/action.addcategory.ph
CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in
modules ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not
properl ...)
- - swftools <unfixed>
+ - swftools <removed>
[stretch] - swftools <no-dsa> (Minor issue)
[jessie] - swftools <no-dsa> (Minor issue)
[wheezy] - swftools <no-dsa> (Minor issue)
NOTE: https://github.com/matthiaskramm/swftools/issues/51
CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not
check t ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/51
NOTE: Crash in CLI tool, no security implications
CVE-2017-16795
RESERVED
CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not
properly ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: https://github.com/matthiaskramm/swftools/issues/50
NOTE: Crash in CLI tool, no security implications
CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2
does not ...)
- - swftools <unfixed>
+ - swftools <removed>
[stretch] - swftools <no-dsa> (Minor issue)
[jessie] - swftools <no-dsa> (Minor issue)
[wheezy] - swftools <no-dsa> (Minor issue)
@@ -94799,7 +94799,7 @@ CVE-2017-16713
CVE-2017-16712
RESERVED
CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in
lib/modules/swfbits.c ...)
- - swftools <unfixed> (unimportant; bug #881390)
+ - swftools <removed> (unimportant; bug #881390)
NOTE: https://github.com/matthiaskramm/swftools/issues/46
NOTE: Crash in CLI tool, no security implications
CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia
AM-100 d ...)
@@ -112002,22 +112002,22 @@ CVE-2017-11102 (The ReadOneJNGImage function in
coders/png.c in GraphicsMagick 1
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230
CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it
can lea ...)
- - swftools <unfixed> (unimportant; bug #871022)
+ - swftools <removed> (unimportant; bug #871022)
NOTE: https://github.com/matthiaskramm/swftools/issues/26
CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it
can lea ...)
- - swftools <unfixed> (unimportant; bug #871024)
+ - swftools <removed> (unimportant; bug #871024)
NOTE: https://github.com/matthiaskramm/swftools/issues/27
CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it
can lead t ...)
- - swftools <unfixed> (unimportant; bug #871018)
+ - swftools <removed> (unimportant; bug #871018)
NOTE: https://github.com/matthiaskramm/swftools/issues/31
CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it
can lead t ...)
- - swftools <unfixed> (unimportant; bug #871020)
+ - swftools <removed> (unimportant; bug #871020)
NOTE: https://github.com/matthiaskramm/swftools/issues/32
CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can
lead to a ...)
- - swftools <unfixed> (unimportant; bug #871025)
+ - swftools <removed> (unimportant; bug #871025)
NOTE: https://github.com/matthiaskramm/swftools/issues/24
CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it
can lea ...)
- - swftools <unfixed> (unimportant; bug #871026)
+ - swftools <removed> (unimportant; bug #871026)
NOTE: https://github.com/matthiaskramm/swftools/issues/25
CVE-2017-11095
RESERVED
@@ -112338,7 +112338,7 @@ CVE-2017-1000082 (systemd v233 and earlier fails to
safely parse usernames start
CVE-2017-10977
RESERVED
CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it
can lead t ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: ttftool not shipped in Debian package
CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8
might all ...)
NOT-FOR-US: Lutim
@@ -113519,19 +113519,19 @@ CVE-2017-9928 (In lrzip 0.631, a stack buffer
overflow was found in the function
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/74
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attacker ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attacker ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attacker ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote
attacker ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might
allow atta ...)
@@ -119761,7 +119761,7 @@ CVE-2017-8421 (The function coff_set_alignment_hook
in coffcode.h in Binary File
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting
Address ...)
- - swftools <unfixed> (unimportant)
+ - swftools <removed> (unimportant)
NOTE: No actionable information, just a crash report against a four
year old release
NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for
values ...)
@@ -119852,7 +119852,7 @@ CVE-2017-8402 (PivotX 2.3.11 allows remote
authenticated users to execute arbitr
NOT-FOR-US: PivotX
CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur
in the ...)
{DLA-995-1}
- - swftools <unfixed> (unimportant; bug #861998)
+ - swftools <removed> (unimportant; bug #861998)
NOTE: https://github.com/matthiaskramm/swftools/issues/14
NOTE:
https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2
NOTE: Crash in CLI tool not considered a security issue
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31a54c53a9d3da2de5708427eb95a2473df3bd9e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31a54c53a9d3da2de5708427eb95a2473df3bd9e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
