Author: jmm Date: 2017-08-11 15:58:22 +0000 (Fri, 11 Aug 2017) New Revision: 54624
Modified: data/CVE/list Log: openjfx, torrent-rasterbar no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-11 15:19:30 UTC (rev 54623) +++ data/CVE/list 2017-08-11 15:58:22 UTC (rev 54624) @@ -6127,6 +6127,8 @@ NOT-FOR-US: Easysite CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...) - libtorrent-rasterbar <unfixed> (bug #865845) + [stretch] - libtorrent-rasterbar <no-dsa> (Minor issue) + [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue) [wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced in 1.1.0; vulnerable code not present) NOTE: https://github.com/arvidn/libtorrent/issues/2099 NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db @@ -7342,7 +7344,8 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE ...) - - openjfx <unfixed> (bug #870860) + - openjfx <unfixed> (low; bug #870860) + [stretch] - openjfx <no-dsa> (Limited to untrusted code, mediathekview only reverse dep in archive) CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) @@ -7439,7 +7442,8 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE ...) - - openjfx <unfixed> (bug #870860) + - openjfx <unfixed> (low; bug #870860) + [stretch] - openjfx <no-dsa> (Limited to untrusted code, mediathekview only reverse dep in archive) CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) NOT-FOR-US: Oracle CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...) @@ -43037,6 +43041,7 @@ NOTE: Fix improved by: https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows remote ...) - libtorrent-rasterbar 1.1.1-1 (bug #837338) + [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue) [wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not present, reproducer does not crash) NOTE: https://github.com/arvidn/libtorrent/issues/1021 NOTE: https://github.com/arvidn/libtorrent/pull/1022 @@ -49824,6 +49829,7 @@ CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows ...) {DLA-511-1} - libtorrent-rasterbar 1.1.0-1 (bug #826380) + [jessie] - libtorrent-rasterbar <no-dsa> (Minor issue) NOTE: https://github.com/arvidn/libtorrent/issues/780 NOTE: https://github.com/arvidn/libtorrent/pull/782 CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for hash ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits