Author: jmm
Date: 2017-12-07 20:59:36 +0000 (Thu, 07 Dec 2017)
New Revision: 58339

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
various no-dsa
add two openssl and sqlite to dsa-needed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-12-07 19:29:48 UTC (rev 58338)
+++ data/CVE/list       2017-12-07 20:59:36 UTC (rev 58339)
@@ -1,8 +1,12 @@
 CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 
may lead ...)
-       - libsndfile <unfixed>
+       - libsndfile <unfixed> (low)
+       [stretch] - libsndfile <no-dsa> (Minor issue)
+       [jessie] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/344
 CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 
may lead ...)
-       - libsndfile <unfixed>
+       - libsndfile <unfixed> (low)
+       [stretch] - libsndfile <no-dsa> (Minor issue)
+       [jessie] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/344
 CVE-2017-17455
        RESERVED
@@ -3605,7 +3609,9 @@
 CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers 
to execute ...)
        NOT-FOR-US: DBL DBLTek devices
 CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a 
chown ...)
-       - icinga2 <unfixed> (bug #883247)
+       - icinga2 <unfixed> (low; bug #883247)
+       [stretch] - icinga2 <no-dsa> (Minor issue)
+       [jessie] - icinga2 <no-dsa> (Minor issue)
        NOTE: https://github.com/Icinga/icinga2/issues/5793
 CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote 
authenticated users ...)
        - cacti 0.8.8h+ds1-5 (bug #833420)
@@ -3936,8 +3942,9 @@
        NOTE: https://github.com/upx/upx/issues/146
        NOTE: crash in CLI tool, no security impact
 CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c 
does not ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/52
+       NOTE: Crash in CLI tool, no security impact
 CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
        NOT-FOR-US: Amazon Key
 CVE-2017-1000248 (Redis-store &lt;=v1.3.0 allows unsafe objects to be loaded 
from redis ...)
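Review bot: CVE-2017-16868 is tagged unimportant here with "Crash in CLI tool, no security impact", but CVE-2017-16793 names the same wav_convert2mono function in lib/wav.c and is given <no-dsa> (Minor issue) later in this patch. If the two issues differ in impact, a NOTE saying how would make the split reviewable; otherwise they should carry the same classification. The added NOTE also says "no security impact" while the other swftools NOTEs added in this patch say "no security implications"; a single wording keeps the entries greppable.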
@@ -4020,23 +4027,31 @@
 CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
        NOT-FOR-US: nodejs ejs
 CVE-2017-1000187 (In SWFTools, an address access exception was found in 
pdf2swf. ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/36
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/34
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. 
...)
        - swftools <unfixed>
+       [stretch] - swftools <no-dsa> (Minor issue)
+       [jessie] - swftools <no-dsa> (Minor issue)
        NOTE: https://github.com/matthiaskramm/swftools/issues/33
 CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/30
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
        - swftools <unfixed>
+       [stretch] - swftools <no-dsa> (Minor issue)
+       [jessie] - swftools <no-dsa> (Minor issue)
        NOTE: https://github.com/matthiaskramm/swftools/issues/23
 CVE-2017-1000174 (In SWFTools, an address access exception was found in 
swfdump ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/21
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code 
Execution. ...)
        NOT-FOR-US: Creolabs Gravity
 CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code 
execution. ...)
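Review bot: the NOTE added under CVE-2017-1000182 reads "Crash in CLI tool, no security implications", but the description is a memory leak in wav2swf, so the stated reason does not match the issue; suggest wording that NOTE for a leak. CVE-2017-1000186 is described as a stack overflow in pdf2swf and gets the same crash-only NOTE, while the two memcpy buffer overflows (CVE-2017-1000185, CVE-2017-1000176) stay at <no-dsa>. A line stating why the stack overflow is not treated as memory corruption would justify the unimportant tag.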
@@ -4449,17 +4464,23 @@
        NOT-FOR-US: CMS Made Simple
 CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not 
properly ...)
        - swftools <unfixed>
+       [stretch] - swftools <no-dsa> (Minor issue)
+       [jessie] - swftools <no-dsa> (Minor issue)
        NOTE: https://github.com/matthiaskramm/swftools/issues/51
 CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not 
check ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/51
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-16795
        RESERVED
 CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not 
properly ...)
-       - swftools <unfixed>
+       - swftools <unfixed> (unimportant)
        NOTE: https://github.com/matthiaskramm/swftools/issues/50
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 
does not ...)
        - swftools <unfixed>
+       [stretch] - swftools <no-dsa> (Minor issue)
+       [jessie] - swftools <no-dsa> (Minor issue)
        NOTE: https://github.com/matthiaskramm/swftools/issues/47
 CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in 
&quot;geminabox&quot; (Gem in ...)
        NOT-FOR-US: geminabox
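Review bot: CVE-2017-16797 and CVE-2017-16796 both concern png_load in lib/png.c and both reference swftools issue 51, yet the first is marked <no-dsa> (Minor issue) and the second unimportant. Please add a NOTE to one of them explaining what separates the two, since the visible descriptions and references do not. The <no-dsa> entries in this hunk also leave the "- swftools <unfixed>" line without a severity, whereas the libsndfile and icinga2 entries in this patch gain (low) alongside their <no-dsa> lines.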
@@ -4630,9 +4651,9 @@
 CVE-2017-16712
        RESERVED
 CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in 
lib/modules/swfbits.c ...)
-       - swftools <unfixed> (bug #881390)
-       [wheezy] - swftools <no-dsa> (Minor issue)
+       - swftools <unfixed> (unimportant; bug #881390)
        NOTE: https://github.com/matthiaskramm/swftools/issues/46
+       NOTE: Crash in CLI tool, no security implications
 CVE-2017-16710
        RESERVED
 CVE-2017-16709
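Review bot: the "[wheezy] - swftools <no-dsa> (Minor issue)" line for CVE-2017-16711 is dropped here, which the log ("various no-dsa") does not mention. If the intent is that the unimportant tag on the unfixed line replaces the per-release entry, say so in the log so the removal is not mistaken for an accidental deletion.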
@@ -5569,6 +5590,8 @@
        NOTE: https://blogs.securiteam.com/index.php/archives/3494
 CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site 
scripting ...)
        - pluxml <unfixed> (bug #881796)
+       [jessie] - pluxml <no-dsa> (Minor issue)
+       [stretch] - pluxml <no-dsa> (Minor issue)
        NOTE: https://github.com/pluxml/PluXml/issues/253
 CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is 
vulnerable to CSRF ...)
        NOT-FOR-US: Jenkins plugin
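Review bot: the two lines added for CVE-2017-1001001 list [jessie] before [stretch], while every other entry touched in this patch lists [stretch] first. Suggest swapping them to match. This is also a stored XSS tagged "Minor issue" with no severity added on the "- pluxml <unfixed>" line, unlike the libsndfile and icinga2 entries, which gain (low).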

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-12-07 19:29:48 UTC (rev 58338)
+++ data/dsa-needed.txt 2017-12-07 20:59:36 UTC (rev 58339)
@@ -31,6 +31,8 @@
 linux
   Wait until more issues have piled up
 --
+openssl1.0/stable
+--
 otrs2
 --
 php-horde-image
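Review bot: the log says "add two openssl and sqlite to dsa-needed", but this file's diff adds only one openssl entry, openssl1.0/stable. If a second openssl source package was meant to be queued as well, it is missing here; if not, the log wording should be tightened.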
@@ -51,6 +53,8 @@
 --
 simplesamlphp
 --
+sqlite3/oldstable
+--
 tiff
   wait until more issues are around
 --
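Review bot: sqlite3/oldstable is added with no comment line, and the data/CVE/list changes in this commit do not touch any sqlite3 entry, so nothing in the patch shows which issue the update is for. A short line under the entry naming it, in the style of the existing notes under linux and tiff, would help whoever picks it up.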


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
