Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 619786

Summary: app-accessibility/SphinxTrain: Unspecified vulnerability (CVE-2017-{9212,9214})
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: major CC: accessibility, sound
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [ebuild]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-26 21:35:53 UTC
CVE-2017-9214 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9214):
  In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY
  type OFP 1.0 message, there is a buffer over-read that is caused by an
  unsigned integer underflow in the function
  `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

CVE-2017-9212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9212):
  The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the
  CD/Multimedia software via %x or %c format string specifiers in a device
  name.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-26 21:37:13 UTC
Sorry, invalid bug. I was testing GLSAmaker.