[Secure-testing-commits] r29966 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Nov 11 11:52:42 UTC 2014


Author: jmm
Date: 2014-11-11 11:52:41 +0000 (Tue, 11 Nov 2014)
New Revision: 29966

Modified:
   data/CVE/list
Log:
more fixes for glibc/eglibc


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-11 11:48:26 UTC (rev 29965)
+++ data/CVE/list	2014-11-11 11:52:41 UTC (rev 29966)
@@ -10621,7 +10621,8 @@
 	[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
 	[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
 CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
-	- eglibc 2.19-2 (low; bug #751774)
+	- eglibc <removed>
+	- glibc 2.19-2 (low; bug #751774)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
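Review bot: On the added "- glibc 2.19-2 (low; bug #751774)" line for CVE-2014-4043, the recorded fixed version is lower than the 2.20 named in the description, so the fix is presumably a backported patch, and the entry has no NOTE saying so. A NOTE line pointing at the patch or the bug discussion would make the version easier to verify now that it is attached to a different source package name.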
@@ -27773,7 +27774,8 @@
 CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before ...)
 	NOT-FOR-US: Cotonti
 CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...)
-	- eglibc 2.17-94 (low; bug #717178)
+	- glibc 2.17-94 (low; bug #717178)
+	- eglibc <removed>
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries)
 CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
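Review bot: The two added lines for CVE-2013-4788 are in the opposite order from every other hunk in this commit: here "- glibc 2.17-94" comes before "- eglibc <removed>", while the other entries put "- eglibc <removed>" first. Suggest swapping them so that all the renamed entries are laid out the same way.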
@@ -28813,7 +28815,8 @@
 CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
 	- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
 CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
-	- eglibc 2.18-1 (low; bug #727181)
+	- eglibc <removed>
+	- glibc 2.18-1 (low; bug #727181)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
@@ -34764,7 +34767,8 @@
 	[squeeze] - tpp <no-dsa> (Minor issue)
 	[wheezy] - tpp <no-dsa> (Minor issue)
 CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not ...)
-	- eglibc <unfixed> (low; bug #717544)
+	- eglibc <removed>
+	- glibc <unfixed> (low; bug #717544)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in ...)
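Review bot: The added "- glibc <unfixed> (low; bug #717544)" line for CVE-2013-2207 carries the old eglibc status over unchanged, although the description says the issue affects glibc before 2.18 and other entries in this commit record glibc versions 2.18-1 and 2.19-2 as fixed. Please confirm that <unfixed> is still accurate for the glibc source package, and if it is intentional, add a NOTE line saying why the entry remains open.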
@@ -35764,7 +35768,8 @@
 	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
 	NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
 CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
-	- eglibc 2.17-2 (low; bug #704623)
+	- eglibc <removed>
+	- glibc 2.17-2 (low; bug #704623)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
@@ -40992,7 +40997,8 @@
 	- drupal7 7.14-1.3 (bug #698334)
 	NOTE: https://drupal.org/SA-CORE-2013-001
 CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
-	- eglibc 2.17-2 (low; bug #699399)
+	- eglibc <removed>
+	- glibc 2.17-2 (low; bug #699399)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q1/202
@@ -46907,7 +46913,8 @@
 	- spice-gtk 0.12-5 (bug #689155)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
-	- eglibc 2.17-94 (low; bug #689423)
+	- eglibc <removed>
+	- glibc 2.17-94 (low; bug #689423)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...)



