[Secure-testing-commits] r52454 - data/CVE

Fri, 09 Jun 2017 13:05:54 -0700 

Author: jmm
Date: 2017-06-09 20:05:09 +0000 (Fri, 09 Jun 2017)
New Revision: 52454

Modified:
   data/CVE/list
Log:
yara bugs
lshell removal


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-09 20:03:38 UTC (rev 52453)
+++ data/CVE/list       2017-06-09 20:05:09 UTC (rev 52454)
@@ -153,7 +153,7 @@
 CVE-2017-9466
        RESERVED
 CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote 
attackers ...)
-       - yara <unfixed> (low)
+       - yara <unfixed> (low; bug #864517)
        [stretch] - yara <no-dsa> (Minor issue)
        [jessie] - yara <no-dsa> (Minor issue)
        NOTE: https://github.com/VirusTotal/yara/issues/678
@@ -222,7 +222,7 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
 CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote 
attackers ...)
-       - yara <unfixed>
+       - yara <unfixed> (low; bug #864518)
        [stretch] - yara <no-dsa> (Minor issue)
        [jessie] - yara <no-dsa> (Minor issue)
        NOTE: https://github.com/VirusTotal/yara/issues/674
@@ -34433,6 +34433,7 @@
        NOTE: Vulnerable code not present in any Libav version.
 CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of 
a ...)
        - lshell <removed> (bug #834949)
+       [jessie] - lshell <no-dsa> (Scheduled for removal)
        [wheezy] - lshell <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ghantoos/lshell/issues/147
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
@@ -34441,6 +34442,7 @@
        NOTE: about issues/147" and possibly a new/additional CVE assignment.
 CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of 
a ...)
        - lshell <removed> (bug #834946)
+       [jessie] - lshell <no-dsa> (Scheduled for removal)
        [wheezy] - lshell <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/ghantoos/lshell/issues/149
        NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to