Author: apo
Date: 2017-04-14 22:01:40 +0000 (Fri, 14 Apr 2017)
New Revision: 50683
Modified:
data/CVE/list
Log:
Triage elfutils for Wheezy
CVE-2017-7607 and CVE-2017-7609 do not affect Wheezy, the rest is too minor
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-14 21:27:18 UTC (rev 50682)
+++ data/CVE/list 2017-04-14 22:01:40 UTC (rev 50683)
@@ -654,36 +654,43 @@
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of
sections ...)
- elfutils <unfixed> (bug #859990)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168
allows ...)
- elfutils <unfixed> (bug #859991)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168
allows ...)
- elfutils <unfixed> (bug #859992)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows
remote ...)
- elfutils <unfixed> (bug #859993)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib
compression ...)
- elfutils <unfixed> (bug #859994)
[jessie] - elfutils <not-affected> (Vulnerable code not present)
+ [wheezy] - elfutils <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c
in ...)
- elfutils <unfixed> (bug #859995)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168
allows ...)
- elfutils <unfixed> (bug #859996)
[jessie] - elfutils <no-dsa> (Minor issue)
+ [wheezy] - elfutils <not-affected> (vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299
NOTE:
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/
CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an
assertion ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
