Author: jmm Date: 2017-02-15 18:47:05 +0000 (Wed, 15 Feb 2017) New Revision: 48967
Modified: data/CVE/list Log: gst-plugins-bad0.10, podofo no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-15 18:45:43 UTC (rev 48966) +++ data/CVE/list 2017-02-15 18:47:05 UTC (rev 48967) @@ -797,6 +797,7 @@ CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...) - gst-plugins-bad1.0 <unfixed> (low) - gst-plugins-bad0.10 <unfixed> (low) + [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957 NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 @@ -824,6 +825,7 @@ CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) ...) - gst-plugins-bad1.0 1.10.3-1 - gst-plugins-bad0.10 <unfixed> (low) + [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503 CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c ...) @@ -922,32 +924,38 @@ NOT-FOR-US: festivaltts4r CVE-2017-XXXX [podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp)] - libpodofo <unfixed> (bug #854605) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfinfoguessformat-pdfinfo-cpp/ NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/02/21 CVE-2015-8981 [Heap overflow in the function ReadXRefSubsection] RESERVED - libpodofo 0.9.4-1 (bug #854599) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/ NOTE: https://sourceforge.net/p/podofo/code/1672 CVE-2017-5855 [NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection] RESERVED - libpodofo <unfixed> (bug #854603) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5854 [NULL pointer dereference in PdfOutputStream.cpp] RESERVED - libpodofo <unfixed> (bug #854602) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5853 [Signed integer overflow in PdfParser.cpp] RESERVED - libpodofo <unfixed> (bug #854601) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5852 [Infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject] RESERVED - libpodofo <unfixed> (bug #854600) + [jessie] - libpodofo <no-dsa> (Minor issue) NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 CVE-2017-5849 [Out-of-Bound read and write issues in put1bitbwtile() and putgreytile()] _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits