[Secure-testing-commits] r58185 - data/CVE

Moritz Muehlenhoff Fri, 01 Dec 2017 07:45:03 -0800

Author: jmm
Date: 2017-12-01 15:44:29 +0000 (Fri, 01 Dec 2017)
New Revision: 58185


Modified:
   data/CVE/list
Log:
wireshark triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-01 15:38:34 UTC (rev 58184)
+++ data/CVE/list       2017-12-01 15:44:29 UTC (rev 58185)
@@ -45,8 +45,8 @@
        RESERVED
 CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in 
FFmpeg 3.4 ...)
        - ffmpeg <unfixed>
+       [stretch] - ffmpeg <postponed> (Can wait for the next 3.2.x release)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
-       TODO: check
 CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka 
libbfd), as ...)
        - binutils <unfixed>
        [stretch] - binutils <ignored> (Minor issue)
@@ -6865,6 +6865,8 @@
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
 CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go 
into an ...)
        - wireshark 2.4.2-1 (low)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
        NOTE: https://code.wireshark.org/review/23663
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
@@ -11036,6 +11038,8 @@
        NOTE: ImageMagick-6: 
https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
 CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the 
MSDP ...)
        - wireshark 2.4.1-1
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
@@ -11052,6 +11056,8 @@
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
 CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a 
NULL ...)
        - wireshark 2.4.1-1
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html
@@ -18015,6 +18021,7 @@
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
 CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML 
...)
        - wireshark 2.4.0-1 (bug #870180)
+       [stretch] - wireshark <no-dsa> (Minor issue)
        [jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 
not applied)
        [wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 
not applied)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
@@ -18041,6 +18048,8 @@
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
 CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS 
dissector ...)
        - wireshark 2.4.0-1 (bug #870172)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html
@@ -22597,7 +22606,9 @@
 CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali 
...)
        NOT-FOR-US: Quali CloudShell
 CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion 
depth allows ...)
-       - wireshark 2.4.0-1 (bug #870175)
+       - wireshark 2.4.0-1 (low; bug #870175)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
 CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 
2.7.x and ...)
@@ -23179,9 +23190,13 @@
        NOTE: 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
 CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack 
exhaustion ...)
        - wireshark 2.4.0-1 (low; bug #870174)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
 CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack 
exhaustion ...)
        - wireshark 2.4.0-1 (low; bug #870173)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
 CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and 
earlier ...)
        NOT-FOR-US: Cognito Software Moneyworks
@@ -23968,13 +23983,16 @@
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
 CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. 
This was ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
        [jessie] - wireshark <not-affected> (Only affects 2.2.x)
        [wheezy] - wireshark <not-affected> (Only affects 2.2.x)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
 CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar 
dissector ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
 CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP 
dissector ...)
@@ -23990,7 +24008,9 @@
        NOTE: the related commits from the CVE-2017-11411. Otherwise those 
releases
        NOTE: are opened to CVE-2017-11411, which exists because of an 
incomplete fix.
 CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM 
dissector ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
 CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past 
the end ...)
@@ -24001,24 +24021,33 @@
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
 CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with 
a NULL ...)
        - wireshark 2.2.7-1 (bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
        [jessie] - wireshark <not-affected> (Only affects 2.2.x)
        [wheezy] - wireshark <not-affected> (Only affects 2.2.x)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
 CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek 
dissector ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
 CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS 
dissector ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
 CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth 
L2CAP ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
 CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP 
dissector ...)
-       - wireshark 2.2.7-1 (bug #864058)
+       - wireshark 2.2.7-1 (low; bug #864058)
+       [stretch] - wireshark <no-dsa> (Minor issue)
+       [jessie] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
 CVE-2017-9342


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r58185 - data/CVE

Reply via email to