Author: alteholz
Date: 2017-10-24 12:52:33 +0000 (Tue, 24 Oct 2017)
New Revision: 56937
Modified:
data/CVE/list
data/dla-needed.txt
Log:
follow security team and mark everything as <no-dsa>, patches still not
available
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-24 09:26:33 UTC (rev 56936)
+++ data/CVE/list 2017-10-24 12:52:33 UTC (rev 56937)
@@ -10304,6 +10304,7 @@
- libytnef <unfixed> (bug #870817)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/51
CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the
function ...)
- libquicktime <unfixed> (unimportant)
@@ -10312,11 +10313,13 @@
- libytnef <unfixed> (low; bug #870816)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/49
CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was
found in ...)
- libytnef <unfixed> (low; bug #870815)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick
7.0.6-1 has an ...)
{DLA-1081-1}
@@ -17825,30 +17828,35 @@
- libytnef <unfixed> (low; bug #870192)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/40
NOTE:
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows
remote ...)
- libytnef <unfixed> (low; bug #870197)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/42
NOTE:
https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows
remote ...)
- libytnef <unfixed> (low; bug #870193)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/41
NOTE:
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows
remote ...)
- libytnef <unfixed> (low; bug #870194)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/39
NOTE:
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows
remote ...)
- libytnef <unfixed> (low; bug #870196)
[stretch] - libytnef <no-dsa> (Minor issue)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/37
NOTE:
https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly
quoted DCC ...)
@@ -19077,6 +19085,7 @@
- libytnef <unfixed> (bug #862707)
[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point
update)
[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point
update)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/47
CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x
does not ...)
- tikiwiki <removed>
@@ -19468,6 +19477,7 @@
CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based
buffer ...)
- libytnef 1.9.2-2 (low; bug #862556)
[jessie] - libytnef <no-dsa> (Minor issue)
+ [wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/45
CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before
2.1.13 ...)
NOT-FOR-US: Joomla extension
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-24 09:26:33 UTC (rev 56936)
+++ data/dla-needed.txt 2017-10-24 12:52:33 UTC (rev 56937)
@@ -62,9 +62,6 @@
libxml-libxml-perl
NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet,
sent email later
--
-libytnef
- NOTE: 20170813: patches missing
---
linux
--
ming (Hugo Lefeuvre)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
