Author: jmm Date: 2017-12-01 15:44:29 +0000 (Fri, 01 Dec 2017) New Revision: 58185
Modified: data/CVE/list Log: wireshark triage Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-01 15:38:34 UTC (rev 58184) +++ data/CVE/list 2017-12-01 15:44:29 UTC (rev 58185) @@ -45,8 +45,8 @@ RESERVED CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...) - ffmpeg <unfixed> + [stretch] - ffmpeg <postponed> (Can wait for the next 3.2.x release) NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 - TODO: check CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) - binutils <unfixed> [stretch] - binutils <ignored> (Minor issue) @@ -6865,6 +6865,8 @@ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an ...) - wireshark 2.4.2-1 (low) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080 NOTE: https://code.wireshark.org/review/23663 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8 @@ -11036,6 +11038,8 @@ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP ...) - wireshark 2.4.1-1 + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html @@ -11052,6 +11056,8 @@ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL ...) - wireshark 2.4.1-1 + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94 NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html @@ -18015,6 +18021,7 @@ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML ...) - wireshark 2.4.0-1 (bug #870180) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied) [wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796 @@ -18041,6 +18048,8 @@ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...) - wireshark 2.4.0-1 (bug #870172) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html @@ -22597,7 +22606,9 @@ CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...) NOT-FOR-US: Quali CloudShell CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...) - - wireshark 2.4.0-1 (bug #870175) + - wireshark 2.4.0-1 (low; bug #870175) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000 CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...) @@ -23179,9 +23190,13 @@ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...) - wireshark 2.4.0-1 (low; bug #870174) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799 CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...) - wireshark 2.4.0-1 (low; bug #870173) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier ...) NOT-FOR-US: Cognito Software Moneyworks @@ -23968,13 +23983,16 @@ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646 CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <not-affected> (Only affects 2.2.x) [wheezy] - wireshark <not-affected> (Only affects 2.2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675 CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599 CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...) @@ -23990,7 +24008,9 @@ NOTE: the related commits from the CVE-2017-11411. Otherwise those releases NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix. CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685 CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...) @@ -24001,24 +24021,33 @@ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608 CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...) - wireshark 2.2.7-1 (bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) [jessie] - wireshark <not-affected> (Only affects 2.2.x) [wheezy] - wireshark <not-affected> (Only affects 2.2.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631 CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633 CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701 CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...) - - wireshark 2.2.7-1 (bug #864058) + - wireshark 2.2.7-1 (low; bug #864058) + [stretch] - wireshark <no-dsa> (Minor issue) + [jessie] - wireshark <no-dsa> (Minor issue) NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725 CVE-2017-9342 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits