[Secure-testing-commits] r30928 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Dec 22 21:10:27 UTC 2014
Author: sectracker
Date: 2014-12-22 21:10:26 +0000 (Mon, 22 Dec 2014)
New Revision: 30928
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-22 20:58:00 UTC (rev 30927)
+++ data/CVE/list 2014-12-22 21:10:26 UTC (rev 30928)
@@ -74,6 +74,7 @@
NOTE: http://bugs.gw.com/view.php?id=398
NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
CVE-2014-9402 [endless loop in getaddr_r]
+ {DLA-122-1}
- glibc <unfixed>
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
@@ -2732,7 +2733,6 @@
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
NOTE: Patch for 1.2.x: https://github.com/polarssl/polarssl/commit/6b440389136afbcb0d831f880176c830bd3e0c7c
NOTE: Version 1.2.11 also brings other security-relevant fixes. Maybe update to new upstream version?
-
CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorithm to ...)
- polarssl 1.3.9-1
[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
@@ -3948,11 +3948,11 @@
- unzip 6.0-13 (bug #773722)
CVE-2014-8138 [heap overflow in jp2_decode()]
RESERVED
- {DSA-3106-1}
+ {DSA-3106-1 DLA-121-1}
- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8137 [double-free in in jas_iccattrval_destroy()]
RESERVED
- {DSA-3106-1}
+ {DSA-3106-1 DLA-121-1}
- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8136 [local denial of service in qemu/qemu_driver.c]
RESERVED
More information about the Secure-testing-commits
mailing list