[Secure-testing-commits] r55090 - data/CVE

Fri, 25 Aug 2017 14:20:29 -0700 

Author: hle
Date: 2017-08-25 21:19:56 +0000 (Fri, 25 Aug 2017)
New Revision: 55090

Modified:
   data/CVE/list
Log:
Fix typo in CVE-2017-6419 & CVE-2017-11423 (does not does not have). Mark 
CVE-2017-9996 <not-affected> in wheezy (Vulnerable code not present).

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-25 21:16:41 UTC (rev 55089)
+++ data/CVE/list       2017-08-25 21:19:56 UTC (rev 55090)
@@ -5990,8 +5990,7 @@
        NOTE: ClamaV: 
https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
        NOTE: ClamAV uses the libmspack system library when available. This is 
the
        NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
-       NOTE: does not have libmspack and thus need to have the fix as well in 
the
-       NOTE: src:clamav source package.
+       NOTE: libmspack and thus need to have the fix as well in the src:clamav 
source package.
 CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a 
session's ...)
        NOT-FOR-US: Statamic
 CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap 
in ...)
@@ -8374,6 +8373,7 @@
 CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 
2.8.x ...)
        - ffmpeg 7:3.2.5-1
        - libav <undetermined>
+       [wheezy] - libav <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
 CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly 
validate ...)
@@ -20968,7 +20968,7 @@
        NOTE: 
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
        NOTE: ClamAV uses the libmspack system library when available. This is 
the
        NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
-       NOTE: does not have libmspack and thus need to have the fix as well in 
the
+       NOTE: have libmspack and thus need to have the fix as well in the
        NOTE: src:clamav source package.
        NOTE: libmspack: 
https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229
 CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to 
cause a ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to