[Secure-testing-commits] r50802 - data/CVE

Wed, 19 Apr 2017 06:26:09 -0700 

Author: apo
Date: 2017-04-19 13:25:23 +0000 (Wed, 19 Apr 2017)
New Revision: 50802

Modified:
   data/CVE/list
Log:
Remaining libplist issues do not affect Wheezy

The affected sanity checks either do not exist in Wheezy or do not use 64-bit
seizes hence the envisaged interger-overflow situation cannot occur.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-04-19 12:38:25 UTC (rev 50801)
+++ data/CVE/list       2017-04-19 13:25:23 UTC (rev 50802)
@@ -4189,6 +4189,7 @@
 CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice 
libplist ...)
        - libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
        [jessie] - libplist <no-dsa> (Minor issue)
+       [wheezy] - libplist <not-affected> (vulnerable code not present)
        NOTE: https://github.com/libimobiledevice/libplist/issues/99
        NOTE: Fixed by: 
https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
 CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in 
...)
@@ -4200,11 +4201,13 @@
 CVE-2017-6438 (Heap-based buffer overflow in the parse_unicode_node function 
in ...)
        - libplist 1.12+git+1+e37ca00-0.2 (bug #858786)
        [jessie] - libplist <no-dsa> (Minor issue)
+       [wheezy] - libplist <not-affected> (vulnerable code not present)
        NOTE: https://github.com/libimobiledevice/libplist/issues/98
        NOTE: Fixed by: 
https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
 CVE-2017-6437 (The base64encode function in base64.c in libimobiledevice 
libplist ...)
        - libplist 1.12+git+1+e37ca00-0.2 (bug #858787)
        [jessie] - libplist <no-dsa> (Minor issue)
+       [wheezy] - libplist <not-affected> (vulnerable code not present)
        NOTE: https://github.com/libimobiledevice/libplist/issues/100
        NOTE: Fixed by: 
https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
 CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to