Author: jmm Date: 2017-02-13 21:57:12 +0000 (Mon, 13 Feb 2017) New Revision: 48888
Modified: data/CVE/list Log: libwebp unimportant Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-13 21:55:06 UTC (rev 48887) +++ data/CVE/list 2017-02-13 21:57:12 UTC (rev 48888) @@ -5487,7 +5487,7 @@ CVE-2017-3903 RESERVED CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface ...) - TODO: check + NOT-FOR-US: Intel Security ePO CVE-2017-3901 RESERVED CVE-2017-3900 @@ -5499,7 +5499,7 @@ CVE-2017-3897 RESERVED CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing ...) - TODO: check + NOT-FOR-US: Intel McAfee CVE-2017-3895 RESERVED CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...) 
@@ -16621,13 +16621,14 @@ CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS ...) NOT-FOR-US: Joyent SmartOS CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have ...) - - libwebp <unfixed> (bug #842714) + - libwebp <unfixed> (unimportant; bug #842714) [wheezy] - libwebp <not-affected> (vulnerable code not present) NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private) NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c NOTE: Origin of the file seems to be from libav - TODO: check: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patch looks different, needs investigation + NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches + NOTE: look different, needs further investigation before marking as fixed CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 ...) - linux 4.8.11-1 [jessie] - linux 3.16.39-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
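Review bot: the log message "libwebp unimportant" does not cover the first hunk (@@ -5487,7), where the CVE-2017-3902 entry changes from "TODO: check" to "NOT-FOR-US: Intel Security ePO". Either mention the NOT-FOR-US triage in the log or commit it separately, so the revision history for data/CVE/list shows when and why that entry was closed.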
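Review bot: in the second hunk (@@ -5499,7) the CVE-2017-3896 entry is tagged "NOT-FOR-US: Intel McAfee", which names only a vendor, while the sibling entry for CVE-2017-3902 in the first hunk uses "Intel Security ePO". Name the affected product here as well and use one vendor spelling for both entries, so that a later search of the list for that product finds both.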
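Review bot: at the end of the third hunk (@@ -16621,13) the "TODO: check: 0.5.1-3 claims the upload fixed ..." line becomes two NOTE lines that still say "needs further investigation before marking as fixed", so the open question loses its TODO marker and will no longer show up when the list is scanned for outstanding work. Keep a TODO line for the pending comparison of the 0.5.1-3 patches, or record the open item in bug #842714 and reference that here. The same hunk downgrades the libwebp entry to "unimportant" while an unchanged NOTE says other projects seem to use gifdec.c; a short NOTE stating that the severity applies to the libwebp source package only (examples code) would make the rationale explicit next to the tag.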