Author: jmm Date: 2017-02-15 11:58:53 +0000 (Wed, 15 Feb 2017) New Revision: 48946
Modified: data/CVE/list Log: glibc regex issue unimportant mysql no-dsa NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-15 11:06:05 UTC (rev 48945) +++ data/CVE/list 2017-02-15 11:58:53 UTC (rev 48946) @@ -7407,6 +7407,7 @@ - mysql-5.7 <not-affected> (Fixed before initial release in Debian) - mysql-5.6 <not-affected> (Fixed before initial release in Debian) - mysql-5.5 <removed> (bug #854713) + [jessie] - mysql-5.5 <no-dsa> (Can wait until the next Oracle CPU) NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93 NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5 NOTE: https://bugs.mysql.com/bug.php?id=70429 @@ -8271,53 +8272,53 @@ CVE-2017-2997 RESERVED CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2989 RESERVED CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2983 RESERVED CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe Flash CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) @@ -8325,9 +8326,9 @@ CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code ...) - TODO: check + NOT-FOR-US: Adobe CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) @@ -65422,9 +65423,9 @@ NOT-FOR-US: Vanilla Forums CVE-2015-8985 [potential denial of service in pop_fail_stack()] RESERVED - - glibc <unfixed> (bug #779392) - - eglibc <removed> + - glibc <unfixed> (unimportant; bug #779392) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163 + NOTE: DoS via crafted regexps are not considered security issues by glibc upstream CVE-2015-8984 [potential application crash due to overread in fnmatch] RESERVED {DLA-316-1} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits