[Secure-testing-commits] r56997 - data/CVE

Moritz Muehlenhoff Thu, 26 Oct 2017 10:26:58 -0700

Author: jmm
Date: 2017-10-26 17:26:32 +0000 (Thu, 26 Oct 2017)
New Revision: 56997


Modified:
   data/CVE/list
Log:
ffmpeg upstream reference (checked with upstream)
unrar-free, libsdl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-26 16:53:48 UTC (rev 56996)
+++ data/CVE/list       2017-10-26 17:26:32 UTC (rev 56997)
@@ -1711,9 +1711,10 @@
        NOTE: 
https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
        NOTE: 
https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
 CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows 
remote ...)
-       - ffmpeg <undetermined>
+       - ffmpeg <unfixed>
+       - libav <undetermined>
        NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
-       TODO: check
+       NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
 CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
        - mp3splt 2.6.2+20170630-2
        [jessie] - mp3splt <not-affected> (Vulnerable code not present)
@@ -4830,6 +4831,8 @@
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a 
directory ...)
        {DLA-1091-1}
        - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
+       [stretch] - unrar-free <no-dsa> (Minor issue)
+       [jessie] - unrar-free <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
        NOTE: Proposed patch: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
 CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
@@ -38697,6 +38700,8 @@
        RESERVED
 CVE-2017-2888 (An exploitable integer overflow vulnerability exists when 
creating a ...)
        - libsdl2 2.0.6+dfsg1-4 (bug #878264)
+       [stretch] - libsdl2 <no-dsa> (Minor issue)
+       [jessie] - libsdl2 <no-dsa> (Minor issue)
        - libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface 
contains further check for too large width or height)
        NOTE: 
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
        NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56997 - data/CVE

Reply via email to