[Secure-testing-commits] r57860 - in data: CVE DLA

Moritz Muehlenhoff Mon, 20 Nov 2017 10:18:34 -0800

Author: jmm
Date: 2017-11-20 18:17:54 +0000 (Mon, 20 Nov 2017)
New Revision: 57860


Modified:
   data/CVE/list
   data/DLA/list
Log:
fix opencv entry
htslib no-dsa
ffmpeg postponed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-20 16:14:36 UTC (rev 57859)
+++ data/CVE/list       2017-11-20 18:17:54 UTC (rev 57860)
@@ -123,6 +123,8 @@
        NOTE: 
https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
 CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is 
vulnerable to ...)
        - htslib 1.4.1-1
+       [stretch] - htslib <no-dsa> (Minor issue)
+       [jessie] - htslib <no-dsa> (Minor issue)
 CVE-2017-1000204
        REJECTED
 CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an 
authenticated shell ...)
@@ -625,8 +627,9 @@
        NOTE: 
https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
        NOTE: https://github.com/radare/radare2/issues/8813
 CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the 
smacker_decode_tree ...)
-       - libav <removed>
-       - ffmpeg <unfixed>
+       - libav <removed> (low)
+       - ffmpeg <unfixed> (low)
+       [stretch] - ffmpeg <postponed> (Can be fixed with next 3.2.x release)
        NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
        NOTE: 
https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
        NOTE: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
@@ -8104,8 +8107,7 @@
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
        NOTE: ImageMagick in Debian not compiled with webp support 
(--with-webp=yes)
 CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an 
out-of-bounds ...)
-       {DLA-1117-1}
-       - opencv <unfixed>
+       - opencv <not-affected> (Incomplete patch never shipped)
        NOTE: https://github.com/opencv/opencv/issues/9443
        NOTE: https://github.com/opencv/opencv/pull/9448
 CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py 
in the ...)

Modified: data/DLA/list
===================================================================
--- data/DLA/list       2017-11-20 16:14:36 UTC (rev 57859)
+++ data/DLA/list       2017-11-20 18:17:54 UTC (rev 57860)
@@ -193,7 +193,7 @@
        {CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 CVE-2017-7818 
CVE-2017-7819 CVE-2017-7823 CVE-2017-7824}
        [wheezy] - firefox-esr 52.4.0esr-2~deb7u1
 [29 Sep 2017] DLA-1117-1 opencv - security update
-       {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-14136}
+       {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 
CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 
CVE-2017-12862 CVE-2017-12863 CVE-2017-12864}
        [wheezy] - opencv 2.3.1-11+deb7u2
 [27 Sep 2017] DLA-1116-1 poppler - security update
        {CVE-2017-14517 CVE-2017-14519 CVE-2017-14617}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r57860 - in data: CVE DLA

Reply via email to