[Secure-testing-commits] r30036 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 13 17:41:00 UTC 2014 

Author: jmm
Date: 2014-11-13 17:41:00 +0000 (Thu, 13 Nov 2014)
New Revision: 30036

Modified:
   data/CVE/list
Log:
workarounds for glibc/eglibc


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-13 17:36:44 UTC (rev 30035)
+++ data/CVE/list	2014-11-13 17:41:00 UTC (rev 30036)
@@ -8965,6 +8965,7 @@
 CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in ...)
 	{DSA-3012-1 DLA-43-1}
 	- glibc 2.19-10 (medium)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	- eglibc <removed> (medium)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
 	NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
@@ -10674,6 +10675,7 @@
 CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
 	- eglibc <removed>
 	- glibc 2.19-2 (low; bug #751774)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
@@ -28915,6 +28917,7 @@
 CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
 	- eglibc <removed>
 	- glibc 2.18-1 (low; bug #727181)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
@@ -29366,6 +29369,7 @@
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
 	- glibc 2.17-93 (bug #722536)
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
 CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
@@ -29702,6 +29706,7 @@
 CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
 	- eglibc <removed>
 	- glibc 2.17-94 (bug #719558)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
@@ -35876,6 +35881,7 @@
 CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
 	- eglibc <removed>
 	- glibc 2.17-2 (low; bug #704623)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
@@ -41105,6 +41111,7 @@
 CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
 	- eglibc <removed>
 	- glibc 2.17-2 (low; bug #699399)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q1/202
@@ -47025,6 +47032,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	- glibc 2.17-94 (low; bug #689423)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -47070,6 +47078,7 @@
 CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
 	- eglibc <removed>
 	- glibc 2.17-94 (low; bug #687530)
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
@@ -49691,6 +49700,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
 CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	- glibc 2.13-35 (low; bug #681473)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446

More information about the Secure-testing-commits mailing list