teusink / Home-Security-by-Pi

Description on how I configured the installation and Security of Raspberry Pi and how I keep it fit for use and purpose.
MIT License

Security Audit: debsecan Security Vulnerabilities tool #28

Closed teusink closed 6 years ago

teusink commented 6 years ago

Security Audit: debsecan Security Vulnerabilities tool

Audit ran on: 25-12-2017

Sources:

Suggestions:

CVE-2017-14632 (fixed, remotely exploitable, high urgency) Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ... installed: libvorbisfile3 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fixed on branch: libvorbis 0 (source package) fixed on branch: libvorbis 1.3.2-1.3 (source package) fixed on branch: libvorbis 1.3.4-2 (source package) fix is available for the selected suite (sid)

CVE-2017-14633 (fixed, remotely exploitable, medium urgency) In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ... installed: libvorbisfile3 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fix is available for the selected suite (sid)

CVE-2017-17087 (fixed, low urgency) fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ... installed: vim-tiny 2:8.0.0197-4+deb9u1 (built from vim 2:8.0.0197-4+deb9u1) fixed in unstable: vim 2:8.0.1401-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: libncurses5 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: ncurses-term 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: libtinfo5 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2017-13135 (fixed, remotely exploitable, medium urgency) A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ... installed: libx265-95 2.1-2 (built from x265 2.1-2) package is obsolete fixed in unstable: x265 2.6-3 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: libudev1 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-11462 (fixed, remotely exploitable, low urgency) Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ... installed: libk5crypto3 1.15-1+deb9u1 (built from krb5 1.15-1+deb9u1) fixed in unstable: krb5 1.15.2-1 (source package) fix is available for the selected suite (sid)

CVE-2017-10971 (fixed, remotely exploitable, medium urgency) In the X.Org X server before 2017-06-19, a user authenticated to an X ... installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.3-2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u1 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u1 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-10972 (fixed, remotely exploitable, medium urgency) Uninitialized data in endianness conversion in the XEvent handling of ... installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.3-2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u1 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u1 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12176 (fixed) Unvalidated extra length in ProcEstablishConnection installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12177 (fixed) dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12178 (fixed) Xi: fix wrong extra length check in ProcXIChangeHierarchy installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12180 (fixed) hw/xfree86: unvalidated lengths installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12182 (fixed) hw/xfree86: unvalidated lengths installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12183 (fixed) xfixes: unvalidated lengths installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12184 (fixed) Unvalidated lengths installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12185 (fixed)

installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12187 (fixed)

installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-13721 (fixed, low urgency) In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ... installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.4-1 (source package) fixed on branch: xorg-server 0 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u5 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u6 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-13723 (fixed, medium urgency) In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ... installed: xserver-common 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.4-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2016-1626 (fixed, remotely exploitable, medium urgency) The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ... installed: libopenjp2-7 2.1.2-1.1+deb9u2 (built from openjpeg2 2.1.2-1.1+deb9u2) fixed in unstable: openjpeg2 2.1.2-1.2 (source package) fix is available for the selected suite (sid)

CVE-2016-9112 (fixed, remotely exploitable, medium urgency) Floating Point Exception (aka FPE or divide by zero) in ... installed: libopenjp2-7 2.1.2-1.1+deb9u2 (built from openjpeg2 2.1.2-1.1+deb9u2) fixed in unstable: openjpeg2 2.1.2-1.2 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc6-dbg 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-12678 (fixed, remotely exploitable, medium urgency) In TagLib 1.11.1, the rebuildAggregateFrames function in ... installed: libtag1v5 1.11.1+dfsg.1-0.1 (built from taglib 1.11.1+dfsg.1-0.1) fixed in unstable: taglib 1.11.1+dfsg.1-0.2 (source package) fixed on branch: taglib 0 (source package) fixed on branch: taglib 1.7.2-1 (source package) fixed on branch: taglib 1.9.1-2.1 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: libpam-systemd 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-11464 (fixed, remotely exploitable, medium urgency) A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in ... installed: librsvg2-2 2.40.16-1 (built from librsvg 2.40.16-1) fixed in unstable: librsvg 2.40.18-1 (source package) fixed on branch: librsvg 0 (source package) fixed on branch: librsvg 2.36.1-2 (source package) fixed on branch: librsvg 2.36.1-2+deb7u1 (source package) fixed on branch: librsvg 2.36.1-2+deb7u2 (source package) fixed on branch: librsvg 2.40.5-1+deb8u1 (source package) fixed on branch: librsvg 2.40.5-1+deb8u2 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libavresample3 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libavutil55 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-17087 (fixed, low urgency) fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ... installed: xxd 2:8.0.0197-4+deb9u1 (built from vim 2:8.0.0197-4+deb9u1) fixed in unstable: vim 2:8.0.1401-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: libncursesw5 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2016-10209 (fixed, remotely exploitable, medium urgency) The archive_wstring_append_from_mbs function in archive_string.c in ... installed: libarchive13 3.2.2-2 (built from libarchive 3.2.2-2) fixed in unstable: libarchive 3.2.2-3.1 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2016-10349 (fixed, remotely exploitable, medium urgency) The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ... installed: libarchive13 3.2.2-2 (built from libarchive 3.2.2-2) fixed in unstable: libarchive 3.2.2-3.1 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2016-10350 (fixed, remotely exploitable, medium urgency) The archive_read_format_cab_read_header function in ... installed: libarchive13 3.2.2-2 (built from libarchive 3.2.2-2) fixed in unstable: libarchive 3.2.2-3.1 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14166 (fixed, remotely exploitable, medium urgency) libarchive 3.3.2 allows remote attackers to cause a denial of service ... installed: libarchive13 3.2.2-2 (built from libarchive 3.2.2-2) fixed in unstable: libarchive 3.2.2-3.1 (source package) fixed on branch: libarchive 3.0.4-3+wheezy6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7018 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7030 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7034 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7037 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7039 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7046 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7048 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7055 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7056 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7061 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7064 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libwebkit2gtk-4.0-37 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: multiarch-support 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: systemd-sysv 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libavfilter6 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000422 (fixed) Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ... installed: libgdk-pixbuf2.0-0 2.36.5-2+deb9u1 (built from gdk-pixbuf 2.36.5-2+deb9u1) fixed in unstable: gdk-pixbuf 2.36.11-1 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u7 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u8 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libavcodec57 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000250 (fixed, remotely exploitable, low urgency) All versions of the SDP server in BlueZ 5.46 and earlier are ... installed: libbluetooth3 5.43-2+rpt2+deb9u2 (built from bluez 5.43-2+rpt2+deb9u2) fixed in unstable: bluez 5.46-1 (source package) fixed on branch: bluez 4.99-2+deb7u1 (source package) fixed on branch: bluez 5.23-2+deb8u1 (source package) fixed on branch: bluez 5.43-2+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9218 (fixed, remotely exploitable, medium urgency) The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9219 (fixed, remotely exploitable, medium urgency) The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9220 (fixed, remotely exploitable, medium urgency) The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9221 (fixed, remotely exploitable, medium urgency) The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9222 (fixed, remotely exploitable, high urgency) The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9223 (fixed, remotely exploitable, medium urgency) The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9253 (fixed, remotely exploitable, high urgency) The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9254 (fixed, remotely exploitable, high urgency) The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9255 (fixed, remotely exploitable, high urgency) The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9256 (fixed, remotely exploitable, high urgency) The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9257 (fixed, remotely exploitable, high urgency) The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ... installed: libfaad2 2.8.0~cvs20161113-1 (built from faad2 2.8.0~cvs20161113-1) fixed in unstable: faad2 2.8.1-1 (source package) fixed on branch: faad2 2.7-8+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: libsystemd0 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc6 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-1000422 (fixed) Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ... installed: gir1.2-gdkpixbuf-2.0 2.36.5-2+deb9u1 (built from gdk-pixbuf 2.36.5-2+deb9u1) fixed in unstable: gdk-pixbuf 2.36.11-1 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u7 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u8 (source package) fix is available for the selected suite (sid)

CVE-2017-1000422 (fixed) Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ... installed: libgdk-pixbuf2.0-common 2.36.5-2+deb9u1 (built from gdk-pixbuf 2.36.5-2+deb9u1) fixed in unstable: gdk-pixbuf 2.36.11-1 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u7 (source package) fixed on branch: gdk-pixbuf 2.26.1-1+deb7u8 (source package) fix is available for the selected suite (sid)

CVE-2017-11335 (fixed, remotely exploitable, medium urgency) There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.8-4 (source package) fixed on branch: tiff 4.0.2-6+deb7u16 (source package) fixed on branch: tiff 4.0.2-6+deb7u17 (source package) fix is available for the selected suite (sid)

CVE-2017-12944 (fixed, remotely exploitable, medium urgency) The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.8-6 (source package) fixed on branch: tiff 4.0.2-6+deb7u16 (source package) fixed on branch: tiff 4.0.2-6+deb7u17 (source package) fix is available for the selected suite (sid)

CVE-2017-13726 (fixed, remotely exploitable, medium urgency) There is a reachable assertion abort in the function ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.8-5 (source package) fixed on branch: tiff 4.0.2-6+deb7u16 (source package) fixed on branch: tiff 4.0.2-6+deb7u17 (source package) fix is available for the selected suite (sid)

CVE-2017-13727 (fixed, remotely exploitable, medium urgency) There is a reachable assertion abort in the function ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.8-5 (source package) fixed on branch: tiff 4.0.2-6+deb7u16 (source package) fixed on branch: tiff 4.0.2-6+deb7u17 (source package) fix is available for the selected suite (sid)

CVE-2017-18013 (fixed, remotely exploitable, medium urgency) In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.9-3 (source package) fix is available for the selected suite (sid)

CVE-2017-9935 (fixed, remotely exploitable, medium urgency) In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ... installed: libtiff5 4.0.8-2+deb9u1 (built from tiff 4.0.8-2+deb9u1) fixed in unstable: tiff 4.0.9-2 (source package) fixed on branch: tiff 4.0.2-6+deb7u17 (source package) fix is available for the selected suite (sid)

CVE-2017-10268 (fixed, low urgency) Vulnerability in the MySQL Server component of Oracle MySQL ... installed: libmariadbclient18 10.1.23-9+deb9u1 (built from mariadb-10.1 10.1.23-9+deb9u1) fixed in unstable: mariadb-10.1 10.1.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-10378 (fixed, remotely exploitable, medium urgency) Vulnerability in the MySQL Server component of Oracle MySQL ... installed: libmariadbclient18 10.1.23-9+deb9u1 (built from mariadb-10.1 10.1.23-9+deb9u1) fixed in unstable: mariadb-10.1 10.1.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-3636 (fixed, medium urgency) Vulnerability in the MySQL Server component of Oracle MySQL ... installed: libmariadbclient18 10.1.23-9+deb9u1 (built from mariadb-10.1 10.1.23-9+deb9u1) fixed in unstable: mariadb-10.1 10.1.26-1 (source package) fixed on branch: mariadb-10.1 10.1.26-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-3641 (fixed, remotely exploitable, medium urgency) Vulnerability in the MySQL Server component of Oracle MySQL ... installed: libmariadbclient18 10.1.23-9+deb9u1 (built from mariadb-10.1 10.1.23-9+deb9u1) fixed in unstable: mariadb-10.1 10.1.26-1 (source package) fixed on branch: mariadb-10.1 10.1.26-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-3653 (fixed, remotely exploitable, low urgency) Vulnerability in the MySQL Server component of Oracle MySQL ... installed: libmariadbclient18 10.1.23-9+deb9u1 (built from mariadb-10.1 10.1.23-9+deb9u1) fixed in unstable: mariadb-10.1 10.1.26-1 (source package) fixed on branch: mariadb-10.1 10.1.26-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-0898 (fixed, remotely exploitable, medium urgency) Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ... installed: ruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-0903 (fixed, remotely exploitable, high urgency) RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ... installed: ruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-10784 (fixed, remotely exploitable, high urgency) The Basic authentication code in WEBrick library in Ruby before 2.2.8, ... installed: ruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-14033 (fixed, remotely exploitable, medium urgency) The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ... installed: ruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-17405 (fixed, remotely exploitable, high urgency) Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ... installed: ruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.6-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11661 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ... installed: libwildmidi2 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11662 (fixed, remotely exploitable, low urgency) The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ... installed: libwildmidi2 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11663 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ... installed: libwildmidi2 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11664 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ... installed: libwildmidi2 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-12596 (fixed, remotely exploitable, medium urgency) In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ... installed: libopenexr22 2.2.0-11 (built from openexr 2.2.0-11) fixed in unstable: openexr 2.2.0-11.1 (source package) fixed on branch: openexr 1.6.1-6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9110 (fixed, remotely exploitable, medium urgency) In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ... installed: libopenexr22 2.2.0-11 (built from openexr 2.2.0-11) fixed in unstable: openexr 2.2.0-11.1 (source package) fixed on branch: openexr 1.6.1-6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9112 (fixed, remotely exploitable, medium urgency) In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ... installed: libopenexr22 2.2.0-11 (built from openexr 2.2.0-11) fixed in unstable: openexr 2.2.0-11.1 (source package) fixed on branch: openexr 1.6.1-6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-9116 (fixed, remotely exploitable, medium urgency) In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ... installed: libopenexr22 2.2.0-11 (built from openexr 2.2.0-11) fixed in unstable: openexr 2.2.0-11.1 (source package) fixed on branch: openexr 1.6.1-6+deb7u1 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libswresample2 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11462 (fixed, remotely exploitable, low urgency) Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ... installed: libkrb5support0 1.15-1+deb9u1 (built from krb5 1.15-1+deb9u1) fixed in unstable: krb5 1.15.2-1 (source package) fix is available for the selected suite (sid)

CVE-2017-10971 (fixed, remotely exploitable, medium urgency) In the X.Org X server before 2017-06-19, a user authenticated to an X ... installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.3-2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u1 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u1 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-10972 (fixed, remotely exploitable, medium urgency) Uninitialized data in endianness conversion in the XEvent handling of ... installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.3-2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u1 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u1 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12176 (fixed) Unvalidated extra length in ProcEstablishConnection installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12177 (fixed) dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12178 (fixed) Xi: fix wrong extra length check in ProcXIChangeHierarchy installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12180 (fixed) hw/xfree86: unvalidated lengths installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12182 (fixed) hw/xfree86: unvalidated lengths installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12183 (fixed) xfixes: unvalidated lengths installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12184 (fixed) Unvalidated lengths installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12185 (fixed) installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12187 (fixed) installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.5-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-13721 (fixed, low urgency) In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ... installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.4-1 (source package) fixed on branch: xorg-server 0 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u2 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u5 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u6 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u7 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-13723 (fixed, medium urgency) In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ... installed: xserver-xorg-core 2:1.19.2-1+rpt1+deb9u2 (built from xorg-server 2:1.19.2-1+rpt1+deb9u2) fixed in unstable: xorg-server 2:1.19.4-1 (source package) fixed on branch: xorg-server 2:1.12.4-6+deb7u8 (source package) fixed on branch: xorg-server 2:1.16.4-1+deb8u2 (source package) fixed on branch: xorg-server 2:1.19.2-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-11464 (fixed, remotely exploitable, medium urgency) A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in ... installed: librsvg2-common 2.40.16-1 (built from librsvg 2.40.16-1) fixed in unstable: librsvg 2.40.18-1 (source package) fixed on branch: librsvg 0 (source package) fixed on branch: librsvg 2.36.1-2 (source package) fixed on branch: librsvg 2.36.1-2+deb7u1 (source package) fixed on branch: librsvg 2.36.1-2+deb7u2 (source package) fixed on branch: librsvg 2.40.5-1+deb8u1 (source package) fixed on branch: librsvg 2.40.5-1+deb8u2 (source package) fix is available for the selected suite (sid)

CVE-2017-15412 (fixed) use after free installed: libxml2 2.9.4+dfsg1-2.2+deb9u1 (built from libxml2 2.9.4+dfsg1-2.2+deb9u1) fixed in unstable: libxml2 2.9.4+dfsg1-5.2 (source package) fixed on branch: libxml2 2.8.0+dfsg1-7+wheezy12 (source package) fixed on branch: libxml2 2.9.1+dfsg1-5+deb8u6 (source package) fixed on branch: libxml2 2.9.4+dfsg1-2.2+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-5130 (fixed) installed: libxml2 2.9.4+dfsg1-2.2+deb9u1 (built from libxml2 2.9.4+dfsg1-2.2+deb9u1) fixed in unstable: libxml2 2.9.4+dfsg1-5.1 (source package) fixed on branch: libxml2 2.8.0+dfsg1-7+wheezy10 (source package) fixed on branch: libxml2 2.8.0+dfsg1-7+wheezy11 (source package) fixed on branch: libxml2 2.8.0+dfsg1-7+wheezy12 (source package) fix is available for the selected suite (sid)

CVE-2017-5969 (fixed, remotely exploitable, low urgency) DISPUTED libxml2 2.9.4, when used in recover mode, allows remote ... installed: libxml2 2.9.4+dfsg1-2.2+deb9u1 (built from libxml2 2.9.4+dfsg1-2.2+deb9u1) fixed in unstable: libxml2 2.9.4+dfsg1-5.1 (source package) fix is available for the selected suite (sid)

CVE-2017-8872 (fixed, remotely exploitable, medium urgency) The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ... installed: libxml2 2.9.4+dfsg1-2.2+deb9u1 (built from libxml2 2.9.4+dfsg1-2.2+deb9u1) fixed in unstable: libxml2 2.9.4+dfsg1-6.1 (source package) fix is available for the selected suite (sid)

CVE-2017-10790 (fixed, remotely exploitable, medium urgency) The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes ... installed: libtasn1-6 4.10-1.1 (built from libtasn1-6 4.10-1.1) fixed in unstable: libtasn1-6 4.12-2.1 (source package) fix is available for the selected suite (sid)

CVE-2017-11462 (fixed, remotely exploitable, low urgency) Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ... installed: libgssapi-krb5-2 1.15-1+deb9u1 (built from krb5 1.15-1+deb9u1) fixed in unstable: krb5 1.15.2-1 (source package) fix is available for the selected suite (sid)

CVE-2017-15906 (fixed, remotely exploitable, low urgency) The process_open function in sftp-server.c in OpenSSH before 7.6 does ... installed: ssh 1:7.4p1-10+deb9u2 (built from openssh 1:7.4p1-10+deb9u2) fixed in unstable: openssh 1:7.6p1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11661 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ... installed: libwildmidi-config 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11662 (fixed, remotely exploitable, low urgency) The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ... installed: libwildmidi-config 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11663 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ... installed: libwildmidi-config 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-11664 (fixed, remotely exploitable, low urgency) The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ... installed: libwildmidi-config 0.4.0-2 (built from wildmidi 0.4.0-2) fixed in unstable: wildmidi 0.4.2-1 (source package) fixed on branch: wildmidi 0 (source package) fixed on branch: wildmidi 0.2.3.4-2.1 (source package) fixed on branch: wildmidi 0.3.7-1 (source package) fix is available for the selected suite (sid)

CVE-2017-12562 (fixed, remotely exploitable, high urgency) Heap-based Buffer Overflow in the psf_binheader_writef function in ... installed: libsndfile1 1.0.27-3 (built from libsndfile 1.0.27-3) fixed in unstable: libsndfile 1.0.28-3 (source package) fixed on branch: libsndfile 1.0.25-9.1+deb7u4 (source package) fix is available for the selected suite (sid)

CVE-2017-6892 (fixed, remotely exploitable, medium urgency) In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" ... installed: libsndfile1 1.0.27-3 (built from libsndfile 1.0.27-3) fixed in unstable: libsndfile 1.0.28-1 (source package) fixed on branch: libsndfile 1.0.25-9.1+deb7u3 (source package) fixed on branch: libsndfile 1.0.25-9.1+deb7u4 (source package) fix is available for the selected suite (sid)

CVE-2017-13712 (fixed, remotely exploitable, low urgency) NULL Pointer Dereference in the id3v2AddAudioDuration function in ... installed: libmp3lame0 3.99.5+repack1-9 (built from lame 3.99.5+repack1-9) fixed in unstable: lame 3.100-1 (source package) fix is available for the selected suite (sid)

CVE-2017-13704 (fixed, remotely exploitable, medium urgency) In dnsmasq before 2.78, if the DNS packet size does not match the ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14491 (fixed, remotely exploitable, high urgency) Heap-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14492 (fixed, remotely exploitable, high urgency) Heap-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14493 (fixed, remotely exploitable, high urgency) Stack-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14494 (fixed, remotely exploitable, medium urgency) dnsmasq before 2.78, when configured as a relay, allows remote ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14495 (fixed, remotely exploitable, medium urgency) Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14496 (fixed, remotely exploitable, high urgency) Integer underflow in the add_pseudoheader function in dnsmasq before ... installed: dnsmasq 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-12424 (fixed, remotely exploitable, high urgency) In shadow before 4.5, the newusers tool could be made to manipulate ... installed: passwd 1:4.4-4.1 (built from shadow 1:4.4-4.1) fixed in unstable: shadow 1:4.5-1 (source package) fix is available for the selected suite (sid)

CVE-2017-15906 (fixed, remotely exploitable, low urgency) The process_open function in sftp-server.c in OpenSSH before 7.6 does ... installed: openssh-server 1:7.4p1-10+deb9u2 (built from openssh 1:7.4p1-10+deb9u2) fixed in unstable: openssh 1:7.6p1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-15906 (fixed, remotely exploitable, low urgency) The process_open function in sftp-server.c in OpenSSH before 7.6 does ... installed: openssh-sftp-server 1:7.4p1-10+deb9u2 (built from openssh 1:7.4p1-10+deb9u2) fixed in unstable: openssh 1:7.6p1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: ncurses-base 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2017-12166 (fixed, remotely exploitable, medium urgency) OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ... installed: openvpn 2.4.0-6+deb9u2 (built from openvpn 2.4.0-6+deb9u2) fixed in unstable: openvpn 2.4.4-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: udev 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libswscale4 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc-l10n 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-15908 (fixed, remotely exploitable, medium urgency) In systemd 223 through 235, a remote DNS server can respond with a ... installed: systemd 232-25+deb9u1 (built from systemd 232-25+deb9u1) fixed in unstable: systemd 235-3 (source package) fixed on branch: systemd 0 (source package) fixed on branch: systemd 215-17+deb8u6 (source package) fixed on branch: systemd 215-17+deb8u7 (source package) fixed on branch: systemd 44-11+deb7u4 (source package) fixed on branch: systemd 44-11+deb7u5 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libpostproc54 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-17087 (fixed, low urgency) fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ... installed: vim-common 2:8.0.0197-4+deb9u1 (built from vim 2:8.0.0197-4+deb9u1) fixed in unstable: vim 2:8.0.1401-1 (source package) fix is available for the selected suite (sid)

CVE-2017-13704 (fixed, remotely exploitable, medium urgency) In dnsmasq before 2.78, if the DNS packet size does not match the ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14491 (fixed, remotely exploitable, high urgency) Heap-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14492 (fixed, remotely exploitable, high urgency) Heap-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14493 (fixed, remotely exploitable, high urgency) Stack-based buffer overflow in dnsmasq before 2.78 allows remote ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14494 (fixed, remotely exploitable, medium urgency) dnsmasq before 2.78, when configured as a relay, allows remote ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14495 (fixed, remotely exploitable, medium urgency) Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-14496 (fixed, remotely exploitable, high urgency) Integer underflow in the add_pseudoheader function in dnsmasq before ... installed: dnsmasq-base 2.76-5+rpt1+deb9u1 (built from dnsmasq 2.76-5+rpt1+deb9u1) fixed in unstable: dnsmasq 2.78-1 (source package) fixed on branch: dnsmasq 0 (source package) fixed on branch: dnsmasq 2.62-3+deb7u2 (source package) fixed on branch: dnsmasq 2.62-3+deb7u3 (source package) fixed on branch: dnsmasq 2.62-3+deb7u4 (source package) fixed on branch: dnsmasq 2.72-3+deb8u1 (source package) fixed on branch: dnsmasq 2.72-3+deb8u2 (source package) fixed on branch: dnsmasq 2.76-5+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7018 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7030 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7034 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7037 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7039 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7046 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7048 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7055 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7056 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7061 (fixed, remotely exploitable, high urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-7064 (fixed, remotely exploitable, medium urgency) An issue was discovered in certain Apple products. iOS before 10.3.3 ... installed: libjavascriptcoregtk-4.0-18 2.16.6-0+deb9u1+rpi1 (built from webkit2gtk 2.16.6-0+deb9u1+rpi1) fixed in unstable: webkit2gtk 2.16.6-1 (source package) fixed on branch: webkit2gtk 2.16.6-0+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-11462 (fixed, remotely exploitable, low urgency) Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ... installed: libkrb5-3 1.15-1+deb9u1 (built from krb5 1.15-1+deb9u1) fixed in unstable: krb5 1.15.2-1 (source package) fix is available for the selected suite (sid)

CVE-2017-12448 (fixed, remotely exploitable, medium urgency) The bfd_cache_close function in bfd/cache.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12449 (fixed, remotely exploitable, medium urgency) The _bfd_vms_save_sized_string function in vms-misc.c in the Binary ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-8 (source package) fix is available for the selected suite (sid)

CVE-2017-12450 (fixed, remotely exploitable, medium urgency) The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12451 (fixed, remotely exploitable, medium urgency) The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12452 (fixed, remotely exploitable, medium urgency) The bfd_mach_o_i386_canonicalize_one_reloc function in ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12453 (fixed, remotely exploitable, medium urgency) The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12454 (fixed, remotely exploitable, medium urgency) The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12455 (fixed, remotely exploitable, medium urgency) The evax_bfd_print_emh function in vms-alpha.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-8 (source package) fix is available for the selected suite (sid)

CVE-2017-12456 (fixed, remotely exploitable, medium urgency) The read_symbol_stabs_debugging_info function in rddbg.c in GNU ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12457 (fixed, remotely exploitable, medium urgency) The bfd_make_section_with_flags function in section.c in the Binary ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-8 (source package) fix is available for the selected suite (sid)

CVE-2017-12458 (fixed, remotely exploitable, medium urgency) The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-8 (source package) fix is available for the selected suite (sid)

CVE-2017-12459 (fixed, remotely exploitable, medium urgency) The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-8 (source package) fix is available for the selected suite (sid)

CVE-2017-12799 (fixed, remotely exploitable, medium urgency) The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-12967 (fixed, remotely exploitable, medium urgency) The getsym function in tekhex.c in the Binary File Descriptor (BFD) ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-5 (source package) fix is available for the selected suite (sid)

CVE-2017-13710 (fixed, remotely exploitable, medium urgency) The setup_group function in elf.c in the Binary File Descriptor (BFD) ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-13757 (fixed, remotely exploitable, medium urgency) The Binary File Descriptor (BFD) library (aka libbfd), as distributed ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-10 (source package) fix is available for the selected suite (sid)

CVE-2017-14128 (fixed, remotely exploitable, low urgency) The decode_line_info function in dwarf2.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-14129 (fixed, remotely exploitable, low urgency) The read_section function in dwarf2.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-10 (source package) fix is available for the selected suite (sid)

CVE-2017-14130 (fixed, remotely exploitable, low urgency) The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-14333 (fixed, remotely exploitable, medium urgency) The process_version_sections function in readelf.c in GNU Binutils 2.29 ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-9 (source package) fix is available for the selected suite (sid)

CVE-2017-14529 (fixed, remotely exploitable, medium urgency) The pe_print_idata function in peXXigen.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-10 (source package) fix is available for the selected suite (sid)

CVE-2017-14729 (fixed, remotely exploitable, medium urgency) The *_get_synthetic_symtab functions in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29.1-2 (source package) fix is available for the selected suite (sid)

CVE-2017-14745 (fixed, remotely exploitable, medium urgency) The *_get_synthetic_symtab functions in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-11 (source package) fix is available for the selected suite (sid)

CVE-2017-14974 (fixed, remotely exploitable, medium urgency) The *_get_synthetic_symtab functions in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29.1-2 (source package) fix is available for the selected suite (sid)

CVE-2017-9038 (fixed, remotely exploitable, low urgency) GNU Binutils 2.28 allows remote attackers to cause a denial of service ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.28-6 (source package) fix is available for the selected suite (sid)

CVE-2017-9039 (fixed, remotely exploitable, low urgency) GNU Binutils 2.28 allows remote attackers to cause a denial of service ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.28-6 (source package) fix is available for the selected suite (sid)

CVE-2017-9040 (fixed, remotely exploitable, low urgency) GNU Binutils 2017-04-03 allows remote attackers to cause a denial of ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9041 (fixed, remotely exploitable, low urgency) GNU Binutils 2.28 allows remote attackers to cause a denial of service ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.28-6 (source package) fix is available for the selected suite (sid)

CVE-2017-9042 (fixed, remotely exploitable, low urgency) readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9043 (fixed, remotely exploitable, low urgency) readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9044 (fixed, remotely exploitable, low urgency) The print_symbol_for_build_attribute function in readelf.c in GNU ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9742 (fixed, remotely exploitable, low urgency) The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9743 (fixed, remotely exploitable, low urgency) The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9744 (fixed, remotely exploitable, low urgency) The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9745 (fixed, remotely exploitable, low urgency) The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9746 (fixed, remotely exploitable, low urgency) The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9747 (fixed, remotely exploitable, low urgency) The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9748 (fixed, remotely exploitable, low urgency) The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9749 (fixed, remotely exploitable, low urgency) The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9750 (fixed, remotely exploitable, low urgency) opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9751 (fixed, remotely exploitable, low urgency) opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9752 (fixed, remotely exploitable, low urgency) bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9753 (fixed, remotely exploitable, low urgency) The versados_mkobject function in bfd/versados.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9754 (fixed, remotely exploitable, low urgency) The process_otr function in bfd/versados.c in the Binary File ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9755 (fixed, remotely exploitable, low urgency) opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9756 (fixed, remotely exploitable, low urgency) The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9954 (fixed, remotely exploitable, medium urgency) The getvalue function in tekhex.c in the Binary File Descriptor (BFD) ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9955 (fixed, remotely exploitable, medium urgency) The get_build_id function in opncls.c in the Binary File Descriptor ... installed: binutils 2.28-5 (built from binutils 2.28-5) fixed in unstable: binutils 2.29-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc-dev-bin 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-17446 (fixed, remotely exploitable, medium urgency) The Mem_File_Reader::read_avail function in Data_Reader.cpp in the ... installed: libgme0 0.6.0-4 (built from game-music-emu 0.6.0-4) fixed in unstable: game-music-emu 0.6.2-1 (source package) fix is available for the selected suite (sid)

CVE-2017-14632 (fixed, remotely exploitable, high urgency) Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ... installed: libvorbisenc2 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fixed on branch: libvorbis 0 (source package) fixed on branch: libvorbis 1.3.2-1.3 (source package) fixed on branch: libvorbis 1.3.4-2 (source package) fix is available for the selected suite (sid)

CVE-2017-14633 (fixed, remotely exploitable, medium urgency) In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ... installed: libvorbisenc2 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fix is available for the selected suite (sid)

CVE-2017-9258 (fixed, remotely exploitable, low urgency) The TDStretch::processSamples function in ... installed: libsoundtouch1 1.9.2-2 (built from soundtouch 1.9.2-2) fixed in unstable: soundtouch 1.9.2-3 (source package) fix is available for the selected suite (sid)

CVE-2017-9259 (fixed, remotely exploitable, low urgency) The TDStretch::acceptNewOverlapLength function in ... installed: libsoundtouch1 1.9.2-2 (built from soundtouch 1.9.2-2) fixed in unstable: soundtouch 1.9.2-3 (source package) fix is available for the selected suite (sid)

CVE-2017-9260 (fixed, remotely exploitable, low urgency) The TDStretchSSE::calcCrossCorr function in ... installed: libsoundtouch1 1.9.2-2 (built from soundtouch 1.9.2-2) fixed in unstable: soundtouch 1.9.2-3 (source package) fix is available for the selected suite (sid)

CVE-2017-12424 (fixed, remotely exploitable, high urgency) In shadow before 4.5, the newusers tool could be made to manipulate ... installed: login 1:4.4-4.1 (built from shadow 1:4.4-4.1) fixed in unstable: shadow 1:4.5-1 (source package) fix is available for the selected suite (sid)

CVE-2017-7697 (fixed, remotely exploitable, medium urgency) In libsamplerate before 0.1.9, a buffer over-read occurs in the ... installed: libsamplerate0 0.1.8-8 (built from libsamplerate 0.1.8-8) fixed in unstable: libsamplerate 0.1.9-1 (source package) fix is available for the selected suite (sid)

CVE-2017-0898 (fixed, remotely exploitable, medium urgency) Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ... installed: libruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-0903 (fixed, remotely exploitable, high urgency) RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ... installed: libruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-10784 (fixed, remotely exploitable, high urgency) The Basic authentication code in WEBrick library in Ruby before 2.2.8, ... installed: libruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-14033 (fixed, remotely exploitable, medium urgency) The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ... installed: libruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.5-1 (source package) fixed on branch: ruby2.3 2.3.3-1+deb9u2 (source package) fix is available for the selected suite (sid)

CVE-2017-17405 (fixed, remotely exploitable, high urgency) Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ... installed: libruby2.3 2.3.3-1+deb9u1+rpi1 (built from ruby2.3 2.3.3-1+deb9u1+rpi1) fixed in unstable: ruby2.3 2.3.6-1 (source package) fix is available for the selected suite (sid)

CVE-2017-14632 (fixed, remotely exploitable, high urgency) Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ... installed: libvorbis0a 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fixed on branch: libvorbis 0 (source package) fixed on branch: libvorbis 1.3.2-1.3 (source package) fixed on branch: libvorbis 1.3.4-2 (source package) fix is available for the selected suite (sid)

CVE-2017-14633 (fixed, remotely exploitable, medium urgency) In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ... installed: libvorbis0a 1.3.5-4 (built from libvorbis 1.3.5-4) fixed in unstable: libvorbis 1.3.5-4.1 (source package) fix is available for the selected suite (sid)

CVE-2017-15906 (fixed, remotely exploitable, low urgency) The process_open function in sftp-server.c in OpenSSH before 7.6 does ... installed: openssh-client 1:7.4p1-10+deb9u2 (built from openssh 1:7.4p1-10+deb9u2) fixed in unstable: openssh 1:7.6p1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-16879 (fixed, remotely exploitable, medium urgency) Stack-based buffer overflow in the _nc_write_entry function in ... installed: ncurses-bin 6.0+20161126-1+deb9u1 (built from ncurses 6.0+20161126-1+deb9u1) fixed in unstable: ncurses 6.0+20171125-1 (source package) fix is available for the selected suite (sid)

CVE-2017-10683 (fixed, remotely exploitable, medium urgency) In mpg123 1.25.0, there is a heap-based buffer over-read in the ... installed: libmpg123-0 1.23.8-1 (built from mpg123 1.23.8-1) fixed in unstable: mpg123 1.25.1-1 (source package) fixed on branch: mpg123 1.14.4-1+deb7u2 (source package) fix is available for the selected suite (sid)

CVE-2017-12797 (fixed, remotely exploitable, medium urgency) Integer overflow in the INT123_parse_new_id3 function in the ID3 ... installed: libmpg123-0 1.23.8-1 (built from mpg123 1.23.8-1) fixed in unstable: mpg123 1.25.6-1 (source package) fix is available for the selected suite (sid)

CVE-2017-9545 (fixed, remotely exploitable, low urgency) The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ... installed: libmpg123-0 1.23.8-1 (built from mpg123 1.23.8-1) fixed in unstable: mpg123 1.25.4-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000250 (fixed, remotely exploitable, low urgency) All versions of the SDP server in BlueZ 5.46 and earlier are ... installed: bluez 5.43-2+rpt2+deb9u2 (built from bluez 5.43-2+rpt2+deb9u2) fixed in unstable: bluez 5.46-1 (source package) fixed on branch: bluez 4.99-2+deb7u1 (source package) fixed on branch: bluez 5.23-2+deb8u1 (source package) fixed on branch: bluez 5.43-2+deb9u1 (source package) fix is available for the selected suite (sid)

CVE-2017-17081 (fixed, remotely exploitable, medium urgency) The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ... installed: libavformat57 7:3.2.9-1~deb9u1 (built from ffmpeg 7:3.2.9-1~deb9u1) fixed in unstable: ffmpeg 7:3.4.1-1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: libc6-dev 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2016-6328 (fixed) installed: libexif12 0.6.21-2 (built from libexif 0.6.21-2) fixed in unstable: libexif 0.6.21-2.1 (source package) fix is available for the selected suite (sid)

CVE-2017-7544 (fixed, remotely exploitable, medium urgency) libexif through 0.6.21 is vulnerable to out-of-bounds heap read ... installed: libexif12 0.6.21-2 (built from libexif 0.6.21-2) fixed in unstable: libexif 0.6.21-2.1 (source package) fix is available for the selected suite (sid)

CVE-2017-1000408 (fixed) memory leak installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-1000409 (fixed) buffer overflow installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-5 (source package) fix is available for the selected suite (sid)

CVE-2017-12132 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-1 (source package) fixed on branch: glibc 2.25-0experimental1 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-12133 (fixed, remotely exploitable, medium urgency) The DNS stub resolver in the GNU C Library (glibc) before version ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.24-15 (source package) fix is available for the selected suite (sid)

CVE-2017-15670 (fixed, remotely exploitable, high urgency) The GNU C Library (aka glibc or libc6) before 2.27 contains an ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15671 (fixed, remotely exploitable, medium urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fixed on branch: glibc 2.26-0experimental0 (source package) fix is available for the selected suite (sid)

CVE-2017-15804 (fixed, remotely exploitable, low urgency) The glob function in glob.c in the GNU C Library (aka glibc or libc6) ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-3 (source package) fix is available for the selected suite (sid)

CVE-2017-16997 (fixed, remotely exploitable, high urgency) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ... installed: locales 2.24-11+deb9u1 (built from glibc 2.24-11+deb9u1) fixed in unstable: glibc 2.25-6 (source package) fix is available for the selected suite (sid)

CVE-2017-14062 (fixed, remotely exploitable, high urgency) Integer overflow in the decode_digit function in puny_decode.c in ... installed: libidn11 1.33-1 (built from libidn 1.33-1) fixed in unstable: libidn 1.33-2 (source package) fixed on branch: libidn 1.25-2+deb7u3 (source package) fix is available for the selected suite (sid)

CVE-2017-12678 (fixed, remotely exploitable, medium urgency) In TagLib 1.11.1, the rebuildAggregateFrames function in ... installed: libtag1v5-vanilla 1.11.1+dfsg.1-0.1 (built from taglib 1.11.1+dfsg.1-0.1) fixed in unstable: taglib 1.11.1+dfsg.1-0.2 (source package) fixed on branch: taglib 0 (source package) fixed on branch: taglib 1.7.2-1 (source package) fixed on branch: taglib 1.9.1-2.1 (source package) fix is available for the selected suite (sid)

CVE-2017-11671 (fixed, low urgency) Under certain circumstances, the ix86_expand_builtin function in i386.c ... installed: gcc-5-base 5.4.1-4 (built from gcc-5 5.4.1-4) fixed in unstable: gcc-5 5.4.1-10 (source package) fix is available for the selected suite (sid)
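The list above is debsecan's `--format detail` output with its line breaks collapsed. Two properties of that output matter when reading it: every entry ends in "fix is available for the selected suite (sid)", so the comparison was made against unstable (a run with `debsecan --suite stretch --format detail`, or `SUITE=stretch` in `/etc/default/debsecan`, reports what is fixable from the release that is actually installed); and debsecan prints one entry per binary package, which is why CVE-2017-14632 appears separately for libvorbisfile3, libvorbisenc2 and libvorbis0a even though all three come from the single source package libvorbis. Raspbian also rebuilds some packages (the `+rpi1` suffix on ruby2.3 above) while debsecan compares against Debian's version data, so a hit on such a package is worth confirming with `apt-cache policy`. The following triage script is an added example, not code from this repository or from debsecan: it parses the detail output, collapses it to one row per source package, orders by urgency and remote exploitability, and can restrict itself to entries fixable in a given suite. The sample input embedded in it is constructed from a few of the entries above; the parser keys on the field names rather than on line positions, so it accepts both the real indented layout and the collapsed one-line form shown on this page.

```python
# Added triage helper for `debsecan --format detail` output: example code for this
# audit log, not from Home-Security-by-Pi or debsecan.  Fields are located by
# keyword, so the indented layout and the collapsed one-line form above both parse.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample (entries copied from the list; last one lacks the "fix is available" line).
SAMPLE = """\
CVE-2017-14632 (fixed, remotely exploitable, high urgency)
  Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...
  installed: libvorbisenc2 1.3.5-4
             (built from libvorbis 1.3.5-4)
  fixed in unstable: libvorbis 1.3.5-4.1 (source package)
  fixed on branch: libvorbis 1.3.4-2 (source package)
  fix is available for the selected suite (sid)
CVE-2017-14632 (fixed, remotely exploitable, high urgency)
  Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...
  installed: libvorbis0a 1.3.5-4
             (built from libvorbis 1.3.5-4)
  fixed in unstable: libvorbis 1.3.5-4.1 (source package)
  fix is available for the selected suite (sid)
CVE-2016-6328 (fixed)

  installed: libexif12 0.6.21-2
             (built from libexif 0.6.21-2)
  fixed in unstable: libexif 0.6.21-2.1 (source package)
"""

HEADER = re.compile(r"^(?P<id>[A-Z]+-\S+)\s+\((?P<flags>[^)]*)\)\s*(?P<rest>.*)$")
URGENCY_RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

@dataclass
class Finding:
    cve: str
    urgency: str              # high / medium / low / unknown
    remote: bool              # "remotely exploitable" flag present
    binary: str               # binary package debsecan listed
    source: str               # source package it was built from
    source_version: str
    description: str
    fixed_unstable: Optional[str]
    branch_fixes: list
    fix_suite: Optional[str]  # suite in "fix is available for the selected suite (...)"

def rank(f):  # lower sorts first: urgency, then remotely exploitable before local
    return (URGENCY_RANK.get(f.urgency, 3), not f.remote, f.cve)

def _finish(cve, flags, lines):
    body = " ".join(ln for ln in lines if ln)
    inst = re.search(r"installed: (\S+) \S+ \(built from (\S+) (\S+)\)", body)
    if not inst:
        raise ValueError(f"{cve}: missing installed/built-from fields")
    unstable = re.search(r"fixed in unstable: \S+ (\S+)", body)
    suite = re.search(r"fix is available for the selected suite \((\S+)\)", body)
    return Finding(cve, next((f.split()[0] for f in flags if f.endswith("urgency")), "unknown"),
                   "remotely exploitable" in flags, inst[1], inst[2], inst[3],
                   re.split(r"\s*installed: ", body, maxsplit=1)[0].strip(),
                   unstable[1] if unstable else None,
                   re.findall(r"fixed on branch: \S+ (\S+)", body),
                   suite[1] if suite else None)

def parse(text):
    """One Finding per (CVE, binary package) entry, in input order."""
    findings, cur = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if cur:
                findings.append(_finish(*cur))
            flags = [f.strip() for f in m["flags"].split(",") if f.strip()]
            cur = (m["id"], flags, [m["rest"].strip()])
        elif cur:
            cur[2].append(raw.strip())
    if cur:
        findings.append(_finish(*cur))
    return findings

def worklist(findings, suite=None):
    """One row per source package, worst first; with `suite`, keep only entries
    debsecan marked as fixable in that suite."""
    per_source = defaultdict(dict)
    for f in findings:
        if suite is None or f.fix_suite == suite:
            per_source[f.source].setdefault(f.cve, (f, []))[1].append(f.binary)
    rows = []
    for source, cves in per_source.items():
        ordered = sorted(cves.values(), key=lambda fb: rank(fb[0]))
        worst = ordered[0][0]
        rows.append({"source": source, "installed": worst.source_version,
                     "worst_urgency": worst.urgency, "remote": any(f.remote for f, _ in ordered),
                     "fixed_in_unstable": worst.fixed_unstable, "cves": [f.cve for f, _ in ordered],
                     "binaries": sorted({b for _, bs in ordered for b in bs})})
    rows.sort(key=lambda r: (URGENCY_RANK.get(r["worst_urgency"], 3), not r["remote"], r["source"]))
    return rows

if __name__ == "__main__":  # usage: debsecan --suite stretch --format detail | python3 triage.py -
    import sys
    for r in worklist(parse(sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE)):
        print(f"{r['worst_urgency']:<8}{'R' if r['remote'] else '-'} {r['source']} {r['installed']} "
              f"-> {r['fixed_in_unstable']}  {' '.join(r['cves'])}  [{' '.join(r['binaries'])}]")
```

Run without arguments it triages the embedded sample; with `-` it reads debsecan's output from stdin. The `suite` filter is the practical part: `worklist(findings, suite="stretch")` on a `--suite stretch` run yields the packages an `apt-get upgrade` from the configured repositories will actually fix, while everything else is a finding to track rather than something the system is missing.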

teusink commented 6 years ago

Seems like a lot of outdated packages in Debian Stretch for Raspberry Pi, even though the system is fully updated against the repos.

teusink commented 6 years ago

Updated the list as of 14th January 2018. I can do nothing about it, so I keep it in this issue for future reference. Ticket closed.