Author: carnil
Date: 2017-10-07 08:52:25 +0000 (Sat, 07 Oct 2017)
New Revision: 56483

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
Merge first set of fixes for Stretch point release (9.2)

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-07 08:38:49 UTC (rev 56482)
+++ data/CVE/list       2017-10-07 08:52:25 UTC (rev 56483)
@@ -3725,43 +3725,43 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
 CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat 
function in ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
 CVE-2017-13733 (There is an illegal address access in the fmt_entry function 
in ...)
        - ncurses 6.0+20170902-1 (bug #873746)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
 CVE-2017-13732 (There is an illegal address access in the function dump_uses() 
in ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
 CVE-2017-13731 (There is an illegal address access in the function ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
 CVE-2017-13730 (There is an illegal address access in the function ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
 CVE-2017-13729 (There is an illegal address access in the _nc_save_str 
function in ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
 CVE-2017-13728 (There is an infinite loop in the next_char function in 
comp_scan.c in ...)
        - ncurses 6.0+20170827-1 (bug #873723)
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
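Review bot: CVE-2017-13733 (fmt_entry) is the one entry in this hunk whose unstable fix is a later upload, 6.0+20170902-1 under bug #873746, while the other six are fixed in 6.0+20170827-1 under bug #873723. All seven stretch lines now point at the same 6.0+20161126-1+deb9u1, so confirm that this upload also backports the later fmt_entry fix, and add a NOTE naming the backported patch so the stretch line can be checked independently of the unstable one.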
@@ -10345,7 +10345,7 @@
        RESERVED
 CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript 
Injection ...)
        - gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
-       [stretch] - gnome-exe-thumbnailer <no-dsa> (Minor issue)
+       [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
        NOTE: 
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
        NOTE: 
https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
 CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
@@ -11328,13 +11328,13 @@
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
        - ncurses 6.0+20170701-1
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
 CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff 
access in the ...)
        - ncurses 6.0+20170701-1
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
@@ -11818,14 +11818,14 @@
 CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating 
the ...)
        {DLA-1089-1}
        - irssi 1.0.4-1 (low; bug #867598)
-       [stretch] - irssi <no-dsa> (Minor issue)
+       [stretch] - irssi 1.0.2-1+deb9u2
        [jessie] - irssi <no-dsa> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
        NOTE: 
https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
 CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving 
messages ...)
        {DLA-1089-1}
        - irssi 1.0.4-1 (low; bug #867598)
-       [stretch] - irssi <no-dsa> (Minor issue)
+       [stretch] - irssi 1.0.2-1+deb9u2
        [jessie] - irssi <no-dsa> (Minor issue)
        NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
        NOTE: 
https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
@@ -11902,7 +11902,7 @@
 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely 
exploitable ...)
        {DLA-1044-1}
        - ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
-       [stretch] - ipsec-tools <no-dsa> (Will be fixed via point release)
+       [stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
        [jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
        NOTE: NetBSD applied patch: 
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
        NOTE: NetBSD Problem report: 
https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
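Review bot: the jessie line for CVE-2016-10396 still reads "<no-dsa> (Will be fixed via point release)" after this change, although the description calls the racoon issue remotely exploitable. With the stretch fix now recorded as 1:0.8.2+20140711-8+deb9u1, the pending jessie fix should stay tracked explicitly until it is uploaded, so it does not drop out of sight when the stretch entry is removed from data/next-point-update.txt.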
@@ -12453,13 +12453,13 @@
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
 CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the 
fmt_entry ...)
        - ncurses 6.0+20170701-1
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
 CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the 
fmt_entry ...)
        - ncurses 6.0+20170708-1
-       [stretch] - ncurses <no-dsa> (Minor issue)
+       [stretch] - ncurses 6.0+20161126-1+deb9u1
        [jessie] - ncurses <no-dsa> (Minor issue)
        [wheezy] - ncurses <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
@@ -15329,11 +15329,11 @@
        NOT-FOR-US: Infotecs ViPNet Client and Coordinator
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
        - kdepim 4:16.04.3-4 (bug #864804)
-       [stretch] - kdepim <no-dsa> (Minor issue)
+       [stretch] - kdepim 4:16.04.3-4~deb9u1
        [jessie] - kdepim <no-dsa> (Minor issue)
        [wheezy] - kdepim <not-affected> (sendlater issue is not present in 
kdepim-4.4.11.1+l10n)
        - kf5-messagelib 4:16.04.3-3 (bug #864803)
-       [stretch] - kf5-messagelib <no-dsa> (Minor issue)
+       [stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
        NOTE: Fixed by (kmail): 
https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
        NOTE: Fixed by (messagelib): 
https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
        NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
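Review bot: the two stretch versions added for CVE-2017-9604 use a ~deb9u1 suffix on the same revisions as the unstable fixes (4:16.04.3-4 and 4:16.04.3-3), unlike the +deb9u1 backports in the other hunks. Because a tilde sorts before the bare revision, 4:16.04.3-4~deb9u1 compares lower than the unstable fixed version, so any check that relies only on the unstable line would still report stretch as vulnerable. A short NOTE stating that stretch received a rebuild of the unstable upload would make the reason for the different suffix clear to later readers.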
@@ -83810,7 +83810,7 @@
        REJECTED
 CVE-2015-5191 (VMware Tools prior to 10.0.9 contains multiple file system 
races in ...)
        - open-vm-tools 2:10.1.5-5055683-5 (low; bug #869633)
-       [stretch] - open-vm-tools <no-dsa> (Minor issue)
+       [stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
        [jessie] - open-vm-tools <not-affected> (Vulnerable code not present)
        [wheezy] - open-vm-tools <not-affected> (Vulnerable code not present)
        NOTE: 9.10.x: 
https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821
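Review bot: the only reference visible under CVE-2015-5191 is a NOTE labelled "9.10.x:", while the stretch version recorded here is based on 10.1.5 (2:10.1.5-5055683-4+deb9u1). Add a NOTE for the commit or patch that applies to the 10.1.x packaging, so the stretch entry can be verified against the change that was actually shipped.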

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt  2017-10-07 08:38:49 UTC (rev 56482)
+++ data/next-point-update.txt  2017-10-07 08:52:25 UTC (rev 56483)
@@ -1,38 +1,3 @@
-CVE-2017-11113
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-11112
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-10684
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-10685
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13728
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13729
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13730
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13731
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13732
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13733
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-13734
-       [stretch] - ncurses 6.0+20161126-1+deb9u1
-CVE-2017-9604
-       [stretch] - kdepim 4:16.04.3-4~deb9u1
-       [stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
-CVE-2015-5191
-       [stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
-CVE-2017-11421
-       [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
-CVE-2016-10396
-       [stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
-CVE-2017-10966
-       [stretch] - irssi 1.0.2-1+deb9u2
-CVE-2017-10965
-       [stretch] - irssi 1.0.2-1+deb9u2
 CVE-2017-6257
        [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
 CVE-2017-6259
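Review bot: the log message "Merge first set of fixes for Stretch point release (9.2)" does not name what was merged, while this hunk removes 17 CVE ids covering seven source packages (ncurses, kdepim, kf5-messagelib, open-vm-tools, gnome-exe-thumbnailer, ipsec-tools, irssi). Listing the packages in the log would make the revision searchable later. The content itself is consistent: the 18 package lines removed here match the 18 [stretch] lines added in data/CVE/list, with identical versions.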


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
