Author: opal
Date: 2017-05-21 21:10:54 +0000 (Sun, 21 May 2017)
New Revision: 51803
Modified: data/CVE/list data/dla-needed.txt Log: Triaging work. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-05-21 21:10:21 UTC (rev 51802) +++ data/CVE/list 2017-05-21 21:10:54 UTC (rev 51803) @@ -689,10 +689,12 @@ NOT-FOR-US: Allen Disk CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) - lrzip <unfixed> + [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/67 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/ CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...) - lrzip <unfixed> + [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/71 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...) @@ -706,10 +708,12 @@ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/ CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...) - lrzip <unfixed> + [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/69 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/ CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...) - lrzip <unfixed> + [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/66 NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/ CVE-2017-8841 Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-05-21 21:10:21 UTC (rev 51802) +++ data/dla-needed.txt 2017-05-21 21:10:54 UTC (rev 51803) 
@@ -58,6 +58,8 @@ -- libytnef (Thorsten Alteholz) -- +lintian +-- linux -- lzo2 @@ -67,6 +69,8 @@ mcollective NOTE: See https://lists.debian.org/debian-lts/2017/03/msg00008.html -- +miniupnpc +-- mp3splt NOTE: 2017-02-28: No patch available. Reproducer doesn't work with Debian NOTE: packages (tested on Stretch, Jessie and Wheezy). It's claimed to @@ -95,6 +99,8 @@ potrace NOTE: This CVE is for an incomplete fix of CVE-2016-8698 -- +puppet +-- putty NOTE: 2017-04-14: CVE-2017-6542 is only exploitable by a malicious server NOTE: with SSH agent forwarding enabled. In this case, the client is in @@ -109,6 +115,8 @@ rzip NOTE: 2017-05-09: No patch -- +smb4k +-- tiff NOTE: https://people.debian.org/~apo/tiff/tiff.debdiff NOTE: Waiting for more issues until the end of the month
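Review bot: In the first data/CVE/list hunk (@@ -689,10 +689,12 @@), CVE-2017-8846 gets the same "(Minor issue)" reason as the NULL pointer dereference in CVE-2017-8847, although its NOTE link describes a use-after-free in read_stream. Please state in the parenthetical or in an extra NOTE line why that one is minor for wheezy, so the no-dsa decision can be checked later without re-reading the upstream issue.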
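Review bot: In the second data/CVE/list hunk (@@ -706,10 +708,12 @@), CVE-2017-8843 and CVE-2017-8842 are marked no-dsa directly below the entry whose NOTE points at the heap-based buffer overflow write in read_1g, and that entry's status lines fall outside the hunk context. Please confirm it was triaged for wheezy separately; none of the data/dla-needed.txt hunks in this commit adds lrzip, so if it is still open for wheezy it should be recorded in one place or the other.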
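Review bot: In data/dla-needed.txt, the four added entries (lintian, miniupnpc, puppet, smb4k) carry no NOTE line, and the log message "Triaging work." does not name the issues either, so nothing in the commit says which CVE put each package on the list. Neighbouring entries such as mcollective and rzip have a NOTE; a one-line NOTE with the CVE id or tracker link under each new entry would save the next claimant a lookup.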