Author: alteholz
Date: 2017-09-23 17:28:44 +0000 (Sat, 23 Sep 2017)
New Revision: 56065
Modified: data/CVE/list data/dla-needed.txt Log: following the security team Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-23 17:24:34 UTC (rev 56064) +++ data/CVE/list 2017-09-23 17:28:44 UTC (rev 56065) @@ -1261,6 +1261,7 @@ CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in ...) - jasper <removed> [jessie] - jasper <ignored> (Minor issue) + [wheezy] - jasper <ignored> (Minor issue) NOTE: https://github.com/mdadams/jasper/issues/146 NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648 CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...) @@ -1582,6 +1583,7 @@ CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...) - jasper <removed> (low) [jessie] - jasper <ignored> (Minor issue) + [wheezy] - jasper <ignored> (Minor issue) NOTE: https://github.com/mdadams/jasper/issues/147 CVE-2017-14131 RESERVED @@ -2535,6 +2537,7 @@ CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the ...) - jasper <removed> (low) [jessie] - jasper <ignored> (Minor issue) + [wheezy] - jasper <ignored> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287 CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() in ...) - jasper <removed> (unimportant) @@ -13474,6 +13477,7 @@ CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...) - jasper <removed> [jessie] - jasper <no-dsa> (Minor issue) + [wheezy] - jasper <no-dsa> (Minor issue) NOTE: https://github.com/mdadams/jasper/issues/140 CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...) [experimental] - check-mk 1.4.0p9-1 
@@ -26858,6 +26862,7 @@ CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in ...) - jasper <removed> [jessie] - jasper <no-dsa> (Minor issue) + [wheezy] - jasper <no-dsa> (Minor issue) NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114 NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10 CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...) Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2017-09-23 17:24:34 UTC (rev 56064) +++ data/dla-needed.txt 2017-09-23 17:28:44 UTC (rev 56065) @@ -43,11 +43,6 @@ -- imagemagick (Roberto C. Sánchez) -- -jasper - NOTE: 20170629, no patch available for the remaining CVEs yet, pinged upstream - NOTE: 20170708: re-pinged upstream (lamby) - NOTE: 20170813, no patches available yet --- lame (Hugo Lefeuvre) NOTE: 20170907: Upstream claims to have reproduced and fixed CVE-2017-{69-72}. asan outputs NOTE: are not exactly identical, wait for more infos. _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
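Review bot: In the @@ -26858,6 +26862,7 @@ hunk of data/CVE/list, the added line "[wheezy] - jasper <no-dsa> (Minor issue)" sits under CVE-2017-6852, which the entry itself describes as a heap-based buffer overflow in jpc_dec_decodepkt, and the reason is copied from the jessie line without anything a later reader can check. Suggest adding a NOTE under this entry with the wheezy-specific rationale, since the log message "following the security team" does not record why a heap overflow is treated as minor for this release.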
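Review bot: In the data/dla-needed.txt hunk (@@ -43,11 +43,6 @@), removing the jasper entry also deletes the three NOTE lines saying that no patch was available and that upstream was pinged, while the new wheezy lines in data/CVE/list give only "(Minor issue)" as the reason. Suggest carrying the "no patch available" status into the affected CVE entries as a NOTE so the history is not lost with the removal. Also confirm the tag mix is intended: CVE-2017-9782 and CVE-2017-6852 get <no-dsa> while CVE-2017-14229, CVE-2017-14132 and CVE-2017-13748 get <ignored>, yet after this change jasper is no longer listed in dla-needed.txt for any of them.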