Skip to content
GitLab
Explore
Sign in
Register
Commits on Source (2)
libvpx/jessie triage
· 40394383
Moritz Muehlenhoff
authored
Feb 27, 2018
elinks no-dsa
40394383
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
· 4bce8361
Moritz Muehlenhoff
authored
Feb 27, 2018
4bce8361
Show whitespace changes
Inline
Side-by-side
data/CVE/list
View file @
4bce8361
...
...
@@ -304,7 +304,9 @@ CVE-2018-7423
CVE-2017-18195 (An issue was discovered in tools/conversations/view_ajax.php in ...)
NOT-FOR-US: Concrete5
CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
- elinks <unfixed> (bug #891575)
- elinks <unfixed> (low; bug #891575)
[stretch] - elinks <ignored> (Minor issue)
[jessie] - elinks <ignored> (Minor issue)
- links2 2.6-1 (bug #694658; bug #510417)
NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
...
...
@@ -69535,6 +69537,7 @@ CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a rem
NOT-FOR-US: Android Telephony
CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...)
- libvpx 1.6.1-1
[jessie] - libvpx <ignored> (Minor issue)
[wheezy] - libvpx <no-dsa> (Minor issue)
NOTE: probably fixed earlier, but this was the version checked
NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable.
...
...
@@ -79553,10 +79556,13 @@ CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Androi
NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- libvpx 1.6.1-1
[jessie] - libvpx <ignored> (Minpr issue)
[wheezy] - libvpx <not-affected> (Vulnerable code not present)
NOTE: probably fixed earlier, but this was the version checked
NOTE: https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
- libvpx 1.6.1-1
[jessie] - libvpx <ignored> (Minpr issue)
[wheezy] - libvpx <no-dsa> (Minor issue)
NOTE: probably fixed earlier, but this was the version checked
NOTE: Wheezy is confirmed (by code inspection) to have vulnerable source.
...
...
@@ -89500,8 +89506,10 @@ CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-
NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx ...)
- libvpx 1.6.1-1
[jessie] - libvpx <ignored> (Minor issue)
[wheezy] - libvpx <not-affected> (Vulnerable source not present)
NOTE: probably fixed earlier, but this was the version checked
NOTE: https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in ...)
NOT-FOR-US: libstagefright
CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before ...)
