Author: carnil
Date: 2017-05-02 04:16:42 +0000 (Tue, 02 May 2017)
New Revision: 51252
Modified:
data/CVE/list
Log:
Mark libmad as undetermined
Please add add explanation in case not-affected. Not able to reproduce
with a reproducer is not enough to determine 'not-affected.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-02 04:16:10 UTC (rev 51251)
+++ data/CVE/list 2017-05-02 04:16:42 UTC (rev 51252)
@@ -62,9 +62,9 @@
CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad
0.15.1b ...)
- libmad <unfixed>
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad
0.15.1b, ...)
- - libmad <not-affected>
+ - libmad <undetermined>
NOTE:
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
- NOTE: No assertion failure with reproducer
+ NOTE: No assertion failure with reproducer, if fails when built with
debug then unimportant
CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0
uses ...)
NOT-FOR-US: Schneider Electric
CVE-2017-8370
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
