Author: apo Date: 2017-04-14 22:01:40 +0000 (Fri, 14 Apr 2017) New Revision: 50683
Modified: data/CVE/list Log: Triage elfutils for Wheezy CVE-2017-7607 and CVE-2017-7609 do not affect Wheezy, the rest is too minor Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-14 21:27:18 UTC (rev 50682) +++ data/CVE/list 2017-04-14 22:01:40 UTC (rev 50683) @@ -654,36 +654,43 @@ CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...) - elfutils <unfixed> (bug #859990) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/ CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...) - elfutils <unfixed> (bug #859991) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/ CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...) - elfutils <unfixed> (bug #859992) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/ CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...) - elfutils <unfixed> (bug #859993) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/ CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...) - elfutils <unfixed> (bug #859994) [jessie] - elfutils <not-affected> (Vulnerable code not present) + [wheezy] - elfutils <not-affected> (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/ CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...) - elfutils <unfixed> (bug #859995) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/ CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows ...) - elfutils <unfixed> (bug #859996) [jessie] - elfutils <no-dsa> (Minor issue) + [wheezy] - elfutils <not-affected> (vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299 NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/ CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits