[Secure-testing-commits] r30277 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Nov 24 14:57:36 UTC 2014 

Author: jmm
Date: 2014-11-24 14:57:36 +0000 (Mon, 24 Nov 2014)
New Revision: 30277

Modified:
   data/CVE/list
Log:
record one older kernel spu fix
add missing py25 entries for squeeze


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-24 12:27:40 UTC (rev 30276)
+++ data/CVE/list	2014-11-24 14:57:36 UTC (rev 30277)
@@ -3434,13 +3434,11 @@
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
-	TODO: check
 CVE-2014-7841 [net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet]
 	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
-	TODO: check
 CVE-2014-7840 [insufficient parameter validation during ram load]
 	RESERVED
 	- qemu <unfixed> (low; bug #769451)
@@ -4962,6 +4960,7 @@
 	{DSA-3035-1 DLA-63-1}
 	- bash 4.3-9.2
 CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows ...)
+	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	[wheezy] - python2.6 <no-dsa> (Minor issue)
@@ -8904,7 +8903,7 @@
 	NOT-FOR-US: TimThumb
 CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
 	- linux 3.16.2-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
 	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
@@ -11182,6 +11181,7 @@
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
 CVE-2014-4616 [arbitrary process memory read]
 	RESERVED
+	- python2.5 <removed>
 	- python2.6 <removed>
 	[squeeze] - python2.6 <no-dsa> (minor issue)
 	[wheezy] - python2.6 <no-dsa> (minor issue)

More information about the Secure-testing-commits mailing list