[Secure-testing-commits] r56666 - in data: . CVE

Moritz Muehlenhoff Thu, 12 Oct 2017 14:15:08 -0700

Author: jmm
Date: 2017-10-12 21:14:48 +0000 (Thu, 12 Oct 2017)
New Revision: 56666


Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
libytnef no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-12 21:10:16 UTC (rev 56665)
+++ data/CVE/list       2017-10-12 21:14:48 UTC (rev 56666)
@@ -8925,15 +8925,21 @@
        NOTE: Negligable security impact
 CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the 
function ...)
        - libytnef <unfixed> (bug #870817)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/51
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the 
function ...)
        - libquicktime <unfixed> (unimportant)
        NOTE: Negligable security impact
 CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found 
in the ...)
-       - libytnef <unfixed> (bug #870816)
+       - libytnef <unfixed> (low; bug #870816)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/49
 CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was 
found in ...)
-       - libytnef <unfixed> (bug #870815)
+       - libytnef <unfixed> (low; bug #870815)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/50
 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 
7.0.6-1 has an ...)
        {DLA-1081-1}
@@ -16311,23 +16317,33 @@
 CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote 
attackers to ...)
        NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
 CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c 
allows remote ...)
-       - libytnef <unfixed> (bug #870192)
+       - libytnef <unfixed> (low; bug #870192)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/40
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
 CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows 
remote ...)
-       - libytnef <unfixed> (bug #870197)
+       - libytnef <unfixed> (low; bug #870197)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/42
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
 CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows 
remote ...)
-       - libytnef <unfixed> (bug #870193)
+       - libytnef <unfixed> (low; bug #870193)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/41
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
 CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows 
remote ...)
-       - libytnef <unfixed> (bug #870194)
+       - libytnef <unfixed> (low; bug #870194)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/39
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
 CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows 
remote ...)
-       - libytnef <unfixed> (bug #870196)
+       - libytnef <unfixed> (low; bug #870196)
+       [stretch] - libytnef <no-dsa> (Minor issue)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/37
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
 CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly 
quoted DCC ...)
@@ -17945,7 +17961,8 @@
 CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend 
Micro ...)
        NOT-FOR-US: Trend Micro
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based 
buffer ...)
-       - libytnef 1.9.2-2 (bug #862556)
+       - libytnef 1.9.2-2 (low; bug #862556)
+       [jessie] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/45
 CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 
2.1.13 ...)
        NOT-FOR-US: Joomla extension

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-10-12 21:10:16 UTC (rev 56665)
+++ data/dsa-needed.txt 2017-10-12 21:14:48 UTC (rev 56666)
@@ -31,8 +31,6 @@
 --
 libxml-libxml-perl (carnil)
 --
-libytnef
---
 linux
   Wait until more issues have piled up
 --


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56666 - in data: . CVE

Reply via email to