Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 31a54c53 by Salvatore Bonaccorso at 2019-07-27T19:00:15Z swftools removed from unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -93870,7 +93870,7 @@ CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename f CVE-2017-16891 RESERVED CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/57 NOTE: Crash in CLI tool, no security impact CVE-2017-16889 @@ -94062,7 +94062,7 @@ CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to NOTE: https://github.com/upx/upx/issues/146 NOTE: crash in CLI tool, no security impact CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/52 NOTE: Crash in CLI tool, no security impact CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentica ...) 
@@ -94153,31 +94153,31 @@ CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a denial- CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ...) NOT-FOR-US: nodejs ejs CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/36 NOTE: Crash in CLI tool, no security implications CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/34 NOTE: Crash in CLI tool, no security implications CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...) - - swftools <unfixed> + - swftools <removed> [stretch] - swftools <no-dsa> (Minor issue) [jessie] - swftools <no-dsa> (Minor issue) [wheezy] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/33 CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/30 NOTE: Crash in CLI tool, no security implications CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...) - - swftools <unfixed> + - swftools <removed> [stretch] - swftools <no-dsa> (Minor issue) [jessie] - swftools <no-dsa> (Minor issue) [wheezy] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/23 CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump swf_GetB ...) 
- - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/21 NOTE: Crash in CLI tool, no security implications CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) @@ -94605,23 +94605,23 @@ CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.ph CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules ...) NOT-FOR-US: CMS Made Simple CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properl ...) - - swftools <unfixed> + - swftools <removed> [stretch] - swftools <no-dsa> (Minor issue) [jessie] - swftools <no-dsa> (Minor issue) [wheezy] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/51 CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/51 NOTE: Crash in CLI tool, no security implications CVE-2017-16795 RESERVED CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/50 NOTE: Crash in CLI tool, no security implications CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) - - swftools <unfixed> + - swftools <removed> [stretch] - swftools <no-dsa> (Minor issue) [jessie] - swftools <no-dsa> (Minor issue) [wheezy] - swftools <no-dsa> (Minor issue) 
@@ -94799,7 +94799,7 @@ CVE-2017-16713 CVE-2017-16712 RESERVED CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...) - - swftools <unfixed> (unimportant; bug #881390) + - swftools <removed> (unimportant; bug #881390) NOTE: https://github.com/matthiaskramm/swftools/issues/46 NOTE: Crash in CLI tool, no security implications CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 d ...) 
@@ -112002,22 +112002,22 @@ CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1 NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230 CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...) - - swftools <unfixed> (unimportant; bug #871022) + - swftools <removed> (unimportant; bug #871022) NOTE: https://github.com/matthiaskramm/swftools/issues/26 CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...) - - swftools <unfixed> (unimportant; bug #871024) + - swftools <removed> (unimportant; bug #871024) NOTE: https://github.com/matthiaskramm/swftools/issues/27 CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...) - - swftools <unfixed> (unimportant; bug #871018) + - swftools <removed> (unimportant; bug #871018) NOTE: https://github.com/matthiaskramm/swftools/issues/31 CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...) - - swftools <unfixed> (unimportant; bug #871020) + - swftools <removed> (unimportant; bug #871020) NOTE: https://github.com/matthiaskramm/swftools/issues/32 CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...) - - swftools <unfixed> (unimportant; bug #871025) + - swftools <removed> (unimportant; bug #871025) NOTE: https://github.com/matthiaskramm/swftools/issues/24 CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...) - - swftools <unfixed> (unimportant; bug #871026) + - swftools <removed> (unimportant; bug #871026) NOTE: https://github.com/matthiaskramm/swftools/issues/25 CVE-2017-11095 RESERVED 
@@ -112338,7 +112338,7 @@ CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames start CVE-2017-10977 RESERVED CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: ttftool not shipped in Debian package CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might all ...) NOT-FOR-US: Lutim @@ -113519,19 +113519,19 @@ CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/74 CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...) 
@@ -119761,7 +119761,7 @@ CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...) - - swftools <unfixed> (unimportant) + - swftools <removed> (unimportant) NOTE: No actionable information, just a crash report against a four year old release NOTE: https://github.com/matthiaskramm/swftools/issues/41 CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...) @@ -119852,7 +119852,7 @@ CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitr NOT-FOR-US: PivotX CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...) {DLA-995-1} - - swftools <unfixed> (unimportant; bug #861998) + - swftools <removed> (unimportant; bug #861998) NOTE: https://github.com/matthiaskramm/swftools/issues/14 NOTE: https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2 NOTE: Crash in CLI tool not considered a security issue View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31a54c53a9d3da2de5708427eb95a2473df3bd9e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31a54c53a9d3da2de5708427eb95a2473df3bd9e You're receiving this email because of your account on salsa.debian.org.
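Review bot: In the @@ -94153,31 hunk, CVE-2017-1000185 and CVE-2017-1000176 (the two memcpy buffer overflows) are the only entries without "(unimportant)", and once the unstable line reads <removed>, the [stretch], [jessie] and [wheezy] <no-dsa> lines are the only record that shipped packages are still affected. Please confirm those three release lines are still correct after the removal. Separately, the context NOTE under CVE-2017-1000182 reads "Crash in CLI tool, no security implications" while the description is a memory leak in wav2swf; the NOTE could state why the leak is considered unimportant instead.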
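Review bot: In the @@ -94605,23 hunk, CVE-2017-16797 and CVE-2017-16796 both cite https://github.com/matthiaskramm/swftools/issues/51 for png_load in lib/png.c, yet CVE-2017-16797 is tracked with per-release <no-dsa> lines and CVE-2017-16796 as unimportant. If these are two distinct defects reported in one upstream issue, a short NOTE on each entry saying which defect it covers would explain the different triage; if they are not distinct, the two entries should be aligned.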
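Review bot: In the @@ -119852,7 hunk, CVE-2017-8401 carries {DLA-995-1} and a NOTE pointing at upstream commit 392fb1f3cd9a5b167787c551615c651c3f5326f2, so a fix exists, but the unstable line goes from <unfixed> straight to <removed> with no fixed version recorded. Please check whether any unstable upload included that commit before the package was removed; if one did, recording that version would be more accurate than <removed>.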