[Secure-testing-commits] r56937 - in data: . CVE

Thorsten Alteholz Tue, 24 Oct 2017 05:53:12 -0700

Author: alteholz
Date: 2017-10-24 12:52:33 +0000 (Tue, 24 Oct 2017)
New Revision: 56937


Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
follow security team and mark everything as <no-dsa>, patches still not 
available

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-24 09:26:33 UTC (rev 56936)
+++ data/CVE/list       2017-10-24 12:52:33 UTC (rev 56937)
@@ -10304,6 +10304,7 @@
        - libytnef <unfixed> (bug #870817)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/51
 CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the 
function ...)
        - libquicktime <unfixed> (unimportant)
@@ -10312,11 +10313,13 @@
        - libytnef <unfixed> (low; bug #870816)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/49
 CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was 
found in ...)
        - libytnef <unfixed> (low; bug #870815)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/50
 CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 
7.0.6-1 has an ...)
        {DLA-1081-1}
@@ -17825,30 +17828,35 @@
        - libytnef <unfixed> (low; bug #870192)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/40
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
 CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows 
remote ...)
        - libytnef <unfixed> (low; bug #870197)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/42
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
 CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows 
remote ...)
        - libytnef <unfixed> (low; bug #870193)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/41
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
 CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows 
remote ...)
        - libytnef <unfixed> (low; bug #870194)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/39
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
 CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows 
remote ...)
        - libytnef <unfixed> (low; bug #870196)
        [stretch] - libytnef <no-dsa> (Minor issue)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/37
        NOTE: 
https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
 CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly 
quoted DCC ...)
@@ -19077,6 +19085,7 @@
        - libytnef <unfixed> (bug #862707)
        [stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point 
update)
        [jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point 
update)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/47
 CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x 
does not ...)
        - tikiwiki <removed>
@@ -19468,6 +19477,7 @@
 CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based 
buffer ...)
        - libytnef 1.9.2-2 (low; bug #862556)
        [jessie] - libytnef <no-dsa> (Minor issue)
+       [wheezy] - libytnef <no-dsa> (Minor issue)
        NOTE: https://github.com/Yeraze/ytnef/issues/45
 CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 
2.1.13 ...)
        NOT-FOR-US: Joomla extension

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2017-10-24 09:26:33 UTC (rev 56936)
+++ data/dla-needed.txt 2017-10-24 12:52:33 UTC (rev 56937)
@@ -62,9 +62,6 @@
 libxml-libxml-perl
   NOTE: 20170702: no upstream fix yet, so no need to bother maintainer yet, 
sent email later
 --
-libytnef
-  NOTE: 20170813: patches missing
---
 linux
 --
 ming (Hugo Lefeuvre)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56937 - in data: . CVE

Reply via email to