[Secure-testing-commits] r30892 - data/CVE

Sun Dec 21 21:10:16 UTC 2014

Author: sectracker
Date: 2014-12-21 21:10:16 +0000 (Sun, 21 Dec 2014)
New Revision: 30892

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2014-12-21 20:33:22 UTC (rev 30891)
+++ data/CVE/list	2014-12-21 21:10:16 UTC (rev 30892)
@@ -225,6 +225,7 @@
 	NOTE: http://downloads.digium.com/pub/security/AST-2014-019.html
 CVE-2014-9323 [denial of service]
 	RESERVED
+	{DSA-3109-1}
 	- firebird2.5 2.5.3.26778.ds4-5 (bug #772880)
 	- firebird2.1 <removed>
 	NOTE: http://sourceforge.net/p/firebird/code/60331
@@ -2319,7 +2320,7 @@
 	- sosreport 3.2-2 (bug #769521)
 	NOTE: https://github.com/sosreport/sos/issues/425
 CVE-2014-8884 (Stack-based buffer overflow in the ...)
-	{DSA-3093-1}
+	{DSA-3093-1 DLA-118-1}
 	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1)
@@ -2695,6 +2696,7 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
 	NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
 CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux ...)
+	{DLA-118-1}
 	- linux 3.14.2-1
 	[wheezy] - linux 3.2.57-1
 	- linux-2.6 <removed>
@@ -4670,7 +4672,7 @@
 	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
 CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the ...)
-	{DSA-3093-1}
+	{DSA-3093-1 DLA-118-1}
 	- linux 3.16.7-ckt2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
@@ -8000,6 +8002,7 @@
 	- neutron 2014.1.3-1
 	NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2
 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
+	{DLA-118-1}
 	- linux 3.16.5-1
 	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
@@ -14420,12 +14423,12 @@
 	NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
 CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows ...)
-	{DSA-3060-1}
+	{DSA-3060-1 DLA-118-1}
 	- linux 3.16.7-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4 (v3.18-rc1)
 CVE-2014-3687 (The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in ...)
-	{DSA-3060-1}
+	{DSA-3060-1 DLA-118-1}
 	- linux 3.16.7-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395 (v3.18-rc1)
@@ -16065,6 +16068,7 @@
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101
 	NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
 CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function ...)
+	{DLA-118-1}
 	- linux 3.16.2-2
 	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
@@ -66835,8 +66839,10 @@
 	{DSA-2365-1}
 	- dtc 0.34.1-1 (bug #637477)
 CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...)
+	{DLA-117-1}
 	- qt4-x11 4:4.7.4-1 (bug #641738)
 CVE-2011-3193 (Heap-based buffer overflow in the Lookup_MarkMarkPos function in the ...)
+	{DLA-117-1}
 	- qt4-x11 4:4.7.4-1 (bug #641738)
 	- pango1.0 1.28.3-1
 	NOTE: affected code in pango1.0 removed earlier, but this is the version checked (lenny is affected)


