[Secure-testing-commits] r48946 - data/CVE

Moritz Muehlenhoff Wed, 15 Feb 2017 03:59:53 -0800

Author: jmm
Date: 2017-02-15 11:58:53 +0000 (Wed, 15 Feb 2017)
New Revision: 48946


Modified:
   data/CVE/list
Log:
glibc regex issue unimportant
mysql no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-15 11:06:05 UTC (rev 48945)
+++ data/CVE/list       2017-02-15 11:58:53 UTC (rev 48946)
@@ -7407,6 +7407,7 @@
        - mysql-5.7 <not-affected> (Fixed before initial release in Debian)
        - mysql-5.6 <not-affected> (Fixed before initial release in Debian)
        - mysql-5.5 <removed> (bug #854713)
+       [jessie] - mysql-5.5 <no-dsa> (Can wait until the next Oracle CPU)
        NOTE: Fixed by: 
https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
        NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
        NOTE: https://bugs.mysql.com/bug.php?id=70429
@@ -8271,53 +8272,53 @@
 CVE-2017-2997
        RESERVED
 CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2989
        RESERVED
 CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2983
        RESERVED
 CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe Flash
 CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an 
exploitable ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
        NOT-FOR-US: Adobe Acrobat Reader
 CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
@@ -8325,9 +8326,9 @@
 CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
        NOT-FOR-US: Adobe Acrobat Reader
 CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code 
...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
        NOT-FOR-US: Adobe Acrobat Reader
 CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 
15.006.30244 ...)
@@ -65422,9 +65423,9 @@
        NOT-FOR-US: Vanilla Forums
 CVE-2015-8985 [potential denial of service in pop_fail_stack()]
        RESERVED
-       - glibc <unfixed> (bug #779392)
-       - eglibc <removed>
+       - glibc <unfixed> (unimportant; bug #779392)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163
+       NOTE: DoS via crafted regexps are not considered security issues by 
glibc upstream
 CVE-2015-8984 [potential application crash due to overread in fnmatch]
        RESERVED
        {DLA-316-1}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r48946 - data/CVE

Reply via email to