Author: carnil
Date: 2016-12-12 08:23:02 +0000 (Mon, 12 Dec 2016)
New Revision: 46983
Modified: data/CVE/list Log: Mark bluez as no-dsa, need to fill bugreport Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-12 06:34:56 UTC (rev 46982) +++ data/CVE/list 2016-12-12 08:23:02 UTC (rev 46983) @@ -32,9 +32,11 @@ NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue. CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9906 RESERVED 
@@ -7296,27 +7298,35 @@ RESERVED CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ...) - bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function ...) 
- bluez <unfixed> + [jessie] - bluez <no-dsa> (Minor issue) NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html CVE-2016-9794 [Linux kernel: ALSA: use-after-free in,kill_fasync] RESERVED
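Review bot: In the @@ -32,9 +32,11 @@ hunk, the "- bluez <unfixed>" lines for CVE-2016-9918 and CVE-2016-9917 still carry no bug reference, and the log message itself says a bug report is still needed. Once the report exists, the bug number should be added to those "<unfixed>" lines in a follow-up commit, so that the "[jessie] - bluez <no-dsa>" triage is not the only tracking these two entries have.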
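Review bot: The "(Minor issue)" reason in the @@ -7296,27 +7298,35 @@ hunk is applied unchanged to all eight entries, CVE-2016-9804 down to CVE-2016-9797, including the use-after-free in "conf_opt" (CVE-2016-9798) and the buffer overflows in "commands_dump", "set_ext_ctrl", "pin_code_reply_dump" and "pklg_read_hci", with nothing recorded about why each is minor for jessie. A short NOTE per entry, or one shared remark, stating the basis for the no-dsa decision would let a later reader re-check it against the upstream threads already linked in the NOTE lines.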