Author: jmm
Date: 2017-08-11 15:58:22 +0000 (Fri, 11 Aug 2017)
New Revision: 54624

Modified:
   data/CVE/list
Log:
openjfx, torrent-rasterbar no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-11 15:19:30 UTC (rev 54623)
+++ data/CVE/list       2017-08-11 15:58:22 UTC (rev 54624)
@@ -6127,6 +6127,8 @@
        NOT-FOR-US: Easysite
 CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows 
remote ...)
        - libtorrent-rasterbar <unfixed> (bug #865845)
+       [stretch] - libtorrent-rasterbar <no-dsa> (Minor issue)
+       [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
        [wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced 
in 1.1.0; vulnerable code not present)
        NOTE: https://github.com/arvidn/libtorrent/issues/2099
        NOTE: Fixed by: 
https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
@@ -7342,7 +7344,8 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE ...)
-       - openjfx <unfixed> (bug #870860)
+       - openjfx <unfixed> (low; bug #870860)
+       [stretch] - openjfx <no-dsa> (Limited to untrusted code, mediathekview 
only reverse dep in archive)
 CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle 
E-Business ...)
@@ -7439,7 +7442,8 @@
        - openjdk-6 <removed>
        [wheezy] - openjdk-6 <end-of-life>
 CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE ...)
-       - openjfx <unfixed> (bug #870860)
+       - openjfx <unfixed> (low; bug #870860)
+       [stretch] - openjfx <no-dsa> (Limited to untrusted code, mediathekview 
only reverse dep in archive)
 CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking 
component of ...)
        NOT-FOR-US: Oracle
 CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking 
component of ...)
@@ -43037,6 +43041,7 @@
        NOTE: Fix improved by: 
https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
 CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows 
remote ...)
        - libtorrent-rasterbar 1.1.1-1 (bug #837338)
+       [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
        [wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not 
present, reproducer does not crash)
        NOTE: https://github.com/arvidn/libtorrent/issues/1021
        NOTE: https://github.com/arvidn/libtorrent/pull/1022
@@ -49824,6 +49829,7 @@
 CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 
allows ...)
        {DLA-511-1}
        - libtorrent-rasterbar 1.1.0-1 (bug #826380)
+       [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
        NOTE: https://github.com/arvidn/libtorrent/issues/780
        NOTE: https://github.com/arvidn/libtorrent/pull/782
 CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for 
hash ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to