Author: apo
Date: 2017-05-07 19:25:58 +0000 (Sun, 07 May 2017)
New Revision: 51385
Modified:
data/CVE/list
Log:
Mark two binutils CVE as no-dsa in Wheezy
objdump is a development tool hence the impact on production systems is rather
low
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-07 19:19:09 UTC (rev 51384)
+++ data/CVE/list 2017-05-07 19:25:58 UTC (rev 51385)
@@ -821,6 +821,7 @@
CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary
File ...)
- binutils <unfixed>
[jessie] - binutils <no-dsa> (Minor issue)
+ [wheezy] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420
@@ -919,6 +920,7 @@
CVE-2017-8398 (dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read
of size 1 ...)
- binutils <unfixed>
[jessie] - binutils <no-dsa> (Minor issue)
+ [wheezy] - binutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21438
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as
distributed ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
