619786 – app-accessibility/SphinxTrain: Unspecified vulnerability (CVE-2017-{9212,9214})

Bug 619786 - app-accessibility/SphinxTrain: Unspecified vulnerability (CVE-2017-{9212,9214})

Summary: app-accessibility/SphinxTrain: Unspecified vulnerability (CVE-2017-{9212,9214})

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2017-05-26 21:35 UTC by GLSAMaker/CVETool Bot
Modified:	2017-05-26 21:37 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-05-26 21:35:53 UTC

CVE-2017-9214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9214):
  In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY
  type OFP 1.0 message, there is a buffer over-read that is caused by an
  unsigned integer underflow in the function
  `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

CVE-2017-9212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9212):
  The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the
  CD/Multimedia software via %x or %c format string specifiers in a device
  name.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-26 21:37:13 UTC

Sorry, invalid bug. I was testing GLSAmaker.