Author: jmm
Date: 2017-10-21 13:50:59 +0000 (Sat, 21 Oct 2017)
New Revision: 56906

Modified:
   data/CVE/list
Log:
investigated some lame issues, more to follow


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-21 13:00:56 UTC (rev 56905)
+++ data/CVE/list       2017-10-21 13:50:59 UTC (rev 56906)
@@ -1549,11 +1549,17 @@
        NOTE: https://github.com/antirez/redis/issues/4278
        NOTE: Pull request: https://github.com/antirez/redis/pull/4365
 CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in 
unpack_read_samples ...)
-       - lame <unfixed>
+       - lame 3.99.5+repack1-8
        NOTE: https://sourceforge.net/p/lame/bugs/479/
+       NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
+       NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
+       NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer 
in ...)
-       - lame <unfixed>
+       - lame 3.99.5+repack1-8
        NOTE: https://sourceforge.net/p/lame/bugs/478/
+       NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
+       NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
+       NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15044
        RESERVED
 CVE-2017-15043
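Review bot: The NOTE text added under CVE-2017-15046 and CVE-2017-15045 opens a parenthesis at "(strictly speaking that would be" and never closes it, so the rationale stops mid-sentence after "suite-specific severity annotations". Close the parenthesis and finish the thought. Since the note also says the internal lame code was only fixed in 3.100, it would help to state whether that internal reader is still built or reachable in 3.99.5+repack1-8. As written, the fixed version rests on the libsndfile switch alone, and a reader of the tracker cannot tell how much of the vulnerable code path remains.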
@@ -1673,8 +1679,11 @@
        - lame <unfixed>
        NOTE: https://sourceforge.net/p/lame/bugs/477/
 CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a 
malformed ...)
-       - lame <unfixed>
+       - lame 3.99.5+repack1-8
        NOTE: https://sourceforge.net/p/lame/bugs/480/
+       NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the 
input file, marking that as the fixed
+       NOTE: version, although the internal lame code was only fixed in 3.100 
(strictly speaking that would be
+       NOTE: severity:unimportant for stretch onwards, but we don't have 
suite-specific severity annotations
 CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference 
vulnerability in ...)
        {DLA-1131-1}
        - imagemagick <unfixed> (bug #878554)
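Review bot: The entry at the top of this hunk that references https://sourceforge.net/p/lame/bugs/477/ stays at "- lame <unfixed>" with no NOTE, while CVE-2017-15018 directly below it is moved to 3.99.5+repack1-8 on the libsndfile rationale. If the 477 issue is reached through the same input-file reading code, it should get the same fixed version and note. If it is not, a one-line NOTE saying why it differs would keep the two neighbouring entries from looking inconsistent. The block added under CVE-2017-15018 also carries the same unclosed "(strictly speaking ..." parenthesis as the earlier entries.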


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
