Author: jmm Date: 2017-12-07 20:59:36 +0000 (Thu, 07 Dec 2017) New Revision: 58339
Modified: data/CVE/list data/dsa-needed.txt Log: various no-dsa add two openssl and sqlite to dsa-needed Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-12-07 19:29:48 UTC (rev 58338) +++ data/CVE/list 2017-12-07 20:59:36 UTC (rev 58339) @@ -1,8 +1,12 @@ CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...) - - libsndfile <unfixed> + - libsndfile <unfixed> (low) + [stretch] - libsndfile <no-dsa> (Minor issue) + [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/344 CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...) - - libsndfile <unfixed> + - libsndfile <unfixed> (low) + [stretch] - libsndfile <no-dsa> (Minor issue) + [jessie] - libsndfile <no-dsa> (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/344 CVE-2017-17455 RESERVED @@ -3605,7 +3609,9 @@ CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execute ...) NOT-FOR-US: DBL DBLTek devices CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown ...) - - icinga2 <unfixed> (bug #883247) + - icinga2 <unfixed> (low; bug #883247) + [stretch] - icinga2 <no-dsa> (Minor issue) + [jessie] - icinga2 <no-dsa> (Minor issue) NOTE: https://github.com/Icinga/icinga2/issues/5793 CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...) - cacti 0.8.8h+ds1-5 (bug #833420) 
@@ -3936,8 +3942,9 @@ NOTE: https://github.com/upx/upx/issues/146 NOTE: crash in CLI tool, no security impact CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/52 + NOTE: Crash in CLI tool, no security impact CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...) NOT-FOR-US: Amazon Key CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis ...) 
@@ -4020,23 +4027,31 @@ CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...) NOT-FOR-US: nodejs ejs CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/36 + NOTE: Crash in CLI tool, no security implications CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/34 + NOTE: Crash in CLI tool, no security implications CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...) - swftools <unfixed> + [stretch] - swftools <no-dsa> (Minor issue) + [jessie] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/33 CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/30 + NOTE: Crash in CLI tool, no security implications CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...) - swftools <unfixed> + [stretch] - swftools <no-dsa> (Minor issue) + [jessie] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/23 CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/21 + NOTE: Crash in CLI tool, no security implications CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) NOT-FOR-US: Creolabs Gravity CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...) 
@@ -4449,17 +4464,23 @@ NOT-FOR-US: CMS Made Simple CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properly ...) - swftools <unfixed> + [stretch] - swftools <no-dsa> (Minor issue) + [jessie] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/51 CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/51 + NOTE: Crash in CLI tool, no security implications CVE-2017-16795 RESERVED CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...) - - swftools <unfixed> + - swftools <unfixed> (unimportant) NOTE: https://github.com/matthiaskramm/swftools/issues/50 + NOTE: Crash in CLI tool, no security implications CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...) - swftools <unfixed> + [stretch] - swftools <no-dsa> (Minor issue) + [jessie] - swftools <no-dsa> (Minor issue) NOTE: https://github.com/matthiaskramm/swftools/issues/47 CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...) NOT-FOR-US: geminabox @@ -4630,9 +4651,9 @@ CVE-2017-16712 RESERVED CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...) - - swftools <unfixed> (bug #881390) - [wheezy] - swftools <no-dsa> (Minor issue) + - swftools <unfixed> (unimportant; bug #881390) NOTE: https://github.com/matthiaskramm/swftools/issues/46 + NOTE: Crash in CLI tool, no security implications CVE-2017-16710 RESERVED CVE-2017-16709 
@@ -5569,6 +5590,8 @@ NOTE: https://blogs.securiteam.com/index.php/archives/3494 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...) - pluxml <unfixed> (bug #881796) + [jessie] - pluxml <no-dsa> (Minor issue) + [stretch] - pluxml <no-dsa> (Minor issue) NOTE: https://github.com/pluxml/PluXml/issues/253 CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...) NOT-FOR-US: Jenkins plugin Modified: data/dsa-needed.txt =================================================================== --- data/dsa-needed.txt 2017-12-07 19:29:48 UTC (rev 58338) +++ data/dsa-needed.txt 2017-12-07 20:59:36 UTC (rev 58339) @@ -31,6 +31,8 @@ linux Wait until more issues have piled up -- +openssl1.0/stable +-- otrs2 -- php-horde-image @@ -51,6 +53,8 @@ -- simplesamlphp -- +sqlite3/oldstable +-- tiff wait until more issues are around --
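Review bot: The NOTE added under CVE-2017-1000182 in the @@ -4020,23 +4027,31 @@ hunk of data/CVE/list says "Crash in CLI tool, no security implications", but the entry describes a memory leak in wav2swf, not a crash; suggest "Memory leak in CLI tool, no security implications". In the same hunk CVE-2017-1000186 is described as a stack overflow in pdf2swf and is marked unimportant, while the memcpy buffer overflows CVE-2017-1000185 and CVE-2017-1000176 get no-dsa instead; a few words in the NOTE on why the stack overflow is only a crash would make that difference reviewable.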
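Review bot: CVE-2017-16797 and CVE-2017-16796 in the @@ -4449,17 +4464,23 @@ hunk both concern png_load in lib/png.c and both cite swftools issue 51, yet the first gets no-dsa (Minor issue) and the second is marked unimportant as a crash. Add a NOTE to one of them stating what distinguishes the two, so the split triage is not mistaken for a copy/paste slip.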
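Review bot: The NOTE added for CVE-2017-16868 in the @@ -3936,8 +3942,9 @@ hunk reads "Crash in CLI tool, no security impact", while the NOTEs added for the other swftools entries in this commit read "no security implications", and the upx context line just above uses lower-case "crash in CLI tool, no security impact". Settle on one wording so the unimportant rationale can be searched for consistently.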
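Review bot: The two lines added for CVE-2017-1001001 in the @@ -5569,6 +5590,8 @@ hunk list [jessie] before [stretch], whereas every other no-dsa pair added in this commit (libsndfile, icinga2, swftools) lists [stretch] first. Swap the two lines to match.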
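Review bot: The openssl1.0/stable and sqlite3/oldstable entries added in the two data/dsa-needed.txt hunks carry no comment line, although the linux and tiff entries next to them show that the file allows one. A short line under each naming the issues that prompted the entry would tell whoever picks it up what the update has to cover.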