diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 14:32:05 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-12-18 14:34:10 +0100 |
commit | cfbe36fb515381a8b2c961d131d8052826185c6f (patch) | |
tree | 79e074e7c18725efd355826c69e9dd10324bf9c7 /data/CVE/2017.list | |
parent | f99b5a5f48ffad7bdc74e071b78eedb5cb738fd9 (diff) |
libsass triage
Diffstat (limited to 'data/CVE/2017.list')
-rw-r--r-- | data/CVE/2017.list | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index f976aaf924..de73047cc4 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -16940,16 +16940,11 @@ CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in l CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...) NOT-FOR-US: Apache2Triad CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397 + NOTE: Bogus report against historic libsass version CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335 - NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed - NOTE: with the upstream patch for CVE-2017-11555. + NOTE: Bogus report against historic libsass version CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...) - - libsass <undetermined> (low; bug #873034) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331 + NOTE: Bogus report against historic libsass version CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...) - pspp 1.0.1-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436 @@ -20906,8 +20901,7 @@ CVE-2017-11607 CVE-2017-11606 RESERVED CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...) - - libsass <undetermined> (bug #870184) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019 + NOTE: Bogus report against historic libsass version CVE-2017-11604 RESERVED CVE-2017-11603 @@ -21711,11 +21705,9 @@ CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHIC [wheezy] - chicken <no-dsa> (Minor issue) NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722 + NOTE: Bogus report against historic libsass version CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...) - - libsass <undetermined> (bug #868577) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714 + NOTE: Bogus report against historic libsass version CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...) - exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) NOTE: https://github.com/Exiv2/exiv2/issues/53 @@ -23672,8 +23664,7 @@ CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDir NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712 NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...) - - libsass <undetermined> (low; bug #866672) - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411 + NOTE: Bogus report against historic libsass version CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...) {DLA-1041-1} - nasm 2.13.02-0.1 (bug #867988) |