Author: carnil
Date: 2017-10-07 08:52:25 +0000 (Sat, 07 Oct 2017)
New Revision: 56483
Modified: data/CVE/list data/next-point-update.txt Log: Merge first set of fixes for Stretch point release (9.2) Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-10-07 08:38:49 UTC (rev 56482) +++ data/CVE/list 2017-10-07 08:52:25 UTC (rev 56483) 
@@ -3725,43 +3725,43 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988 CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...) - ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291 CVE-2017-13733 (There is an illegal address access in the fmt_entry function in ...) - ncurses 6.0+20170902-1 (bug #873746) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290 CVE-2017-13732 (There is an illegal address access in the function dump_uses() in ...) - ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287 CVE-2017-13731 (There is an illegal address access in the function ...) - ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285 CVE-2017-13730 (There is an illegal address access in the function ...) - ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284 CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in ...) 
- ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276 CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...) - ncurses 6.0+20170827-1 (bug #873723) - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274 @@ -10345,7 +10345,7 @@ RESERVED CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...) - gnome-exe-thumbnailer 0.9.5-1 (bug #868705) - [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue) + [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1 NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...) @@ -11328,13 +11328,13 @@ NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...) - ncurses 6.0+20170701-1 - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691 CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...) - ncurses 6.0+20170701-1 - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686 
@@ -11818,14 +11818,14 @@ CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...) {DLA-1089-1} - irssi 1.0.4-1 (low; bug #867598) - [stretch] - irssi <no-dsa> (Minor issue) + [stretch] - irssi 1.0.2-1+deb9u2 [jessie] - irssi <no-dsa> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2017_07.txt NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...) {DLA-1089-1} - irssi 1.0.4-1 (low; bug #867598) - [stretch] - irssi <no-dsa> (Minor issue) + [stretch] - irssi 1.0.2-1+deb9u2 [jessie] - irssi <no-dsa> (Minor issue) NOTE: https://irssi.org/security/irssi_sa_2017_07.txt NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 @@ -11902,7 +11902,7 @@ CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...) {DLA-1044-1} - ipsec-tools 1:0.8.2+20140711-9 (bug #867986) - [stretch] - ipsec-tools <no-dsa> (Will be fixed via point release) + [stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1 [jessie] - ipsec-tools <no-dsa> (Will be fixed via point release) NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1 NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682 
@@ -12453,13 +12453,13 @@ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414 CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entry ...) - ncurses 6.0+20170701-1 - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692 CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry ...) - ncurses 6.0+20170708-1 - [stretch] - ncurses <no-dsa> (Minor issue) + [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses <no-dsa> (Minor issue) [wheezy] - ncurses <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687 @@ -15329,11 +15329,11 @@ NOT-FOR-US: Infotecs ViPNet Client and Coordinator CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...) - kdepim 4:16.04.3-4 (bug #864804) - [stretch] - kdepim <no-dsa> (Minor issue) + [stretch] - kdepim 4:16.04.3-4~deb9u1 [jessie] - kdepim <no-dsa> (Minor issue) [wheezy] - kdepim <not-affected> (sendlater issue is not present in kdepim-4.4.11.1+l10n) - kf5-messagelib 4:16.04.3-3 (bug #864803) - [stretch] - kf5-messagelib <no-dsa> (Minor issue) + [stretch] - kf5-messagelib 4:16.04.3-3~deb9u1 NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8 NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197 NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt 
@@ -83810,7 +83810,7 @@ REJECTED CVE-2015-5191 (VMware Tools prior to 10.0.9 contains multiple file system races in ...) - open-vm-tools 2:10.1.5-5055683-5 (low; bug #869633) - [stretch] - open-vm-tools <no-dsa> (Minor issue) + [stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1 [jessie] - open-vm-tools <not-affected> (Vulnerable code not present) [wheezy] - open-vm-tools <not-affected> (Vulnerable code not present) NOTE: 9.10.x: https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821 Modified: data/next-point-update.txt =================================================================== --- data/next-point-update.txt 2017-10-07 08:38:49 UTC (rev 56482) +++ data/next-point-update.txt 2017-10-07 08:52:25 UTC (rev 56483) 
@@ -1,38 +1,3 @@ -CVE-2017-11113 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-11112 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-10684 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-10685 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13728 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13729 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13730 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13731 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13732 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13733 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-13734 - [stretch] - ncurses 6.0+20161126-1+deb9u1 -CVE-2017-9604 - [stretch] - kdepim 4:16.04.3-4~deb9u1 - [stretch] - kf5-messagelib 4:16.04.3-3~deb9u1 -CVE-2015-5191 - [stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1 -CVE-2017-11421 - [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1 -CVE-2016-10396 - [stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1 -CVE-2017-10966 - [stretch] - irssi 1.0.2-1+deb9u2 -CVE-2017-10965 - [stretch] - irssi 1.0.2-1+deb9u2 CVE-2017-6257 [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1 CVE-2017-6259 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
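Review bot: the ncurses entries in data/CVE/list all receive the single stretch version 6.0+20161126-1+deb9u1, although their unstable fixes are spread over four uploads (6.0+20170701-1, 6.0+20170708-1, 6.0+20170827-1 and 6.0+20170902-1). CVE-2017-13733 is the odd one out: it is tracked under bug #873746 and the latest of those uploads, while its neighbours in the same hunk sit under bug #873723. Before merging, confirm that the deb9u1 changelog names all eleven CVE ids, that one in particular. The entries removed from data/next-point-update.txt do list all eleven against this version, so the two files agree with each other.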
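Review bot: in the CVE-2016-10396 hunk of data/CVE/list, the [jessie] line for ipsec-tools keeps its no-dsa marker with the comment "Will be fixed via point release", while the [stretch] line that carried the same comment is replaced by 1:0.8.2+20140711-8+deb9u1. That is right for a stretch-only merge, but the jessie comment is now the one outstanding promise in this entry and nothing in this diff tracks it. Worth checking that the jessie fix is queued wherever oldstable point-release fixes are recorded, so the comment does not go stale.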
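Review bot: the log message "Merge first set of fixes for Stretch point release (9.2)" does not say which packages were merged. Naming the seven source packages removed in the data/next-point-update.txt hunk (ncurses, kdepim, kf5-messagelib, open-vm-tools, gnome-exe-thumbnailer, ipsec-tools, irssi) would make this revision findable from the history. The hunk itself is consistent: the 35 removed lines cover 18 CVE ids, each of which gains the same [stretch] version in data/CVE/list, and the three remaining context lines match the "+1,3" count in the hunk header.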