[Secure-testing-commits] r30336 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Nov 25 21:13:42 UTC 2014 

Author: sectracker
Date: 2014-11-25 21:13:42 +0000 (Tue, 25 Nov 2014)
New Revision: 30336

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-25 21:06:14 UTC (rev 30335)
+++ data/CVE/list	2014-11-25 21:13:42 UTC (rev 30336)
@@ -1546,26 +1546,31 @@
 	NOTE: Patch here: http://trac.imagemagick.org/changeset/16872
 CVE-2014-8714 [TN5250 infinite loop]
 	RESERVED
+	{DSA-3076-1}
 	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html
 	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
 CVE-2014-8713 [NCP dissector crashes]
 	RESERVED
+	{DSA-3076-1}
 	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
 	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
 CVE-2014-8712 [NCP dissector crashes]
 	RESERVED
+	{DSA-3076-1}
 	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
 	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
 CVE-2014-8711 [AMQP dissector crash]
 	RESERVED
+	{DSA-3076-1}
 	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html
 	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
 CVE-2014-8710 [SigComp dissector crash]
 	RESERVED
+	{DSA-3076-1}
 	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
 	NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
@@ -1675,28 +1680,26 @@
 CVE-2014-8550
 	RESERVED
 CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the ...)
-        - ffmpeg 7:2.4.3-1
-        - libav <undetermined>
+	- ffmpeg 7:2.4.3-1
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
-        - ffmpeg 7:2.4.3-1
-        - libav <undetermined>
+	- ffmpeg 7:2.4.3-1
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
-        - ffmpeg 7:2.4.3-1
-        - libav <undetermined>
+	- ffmpeg 7:2.4.3-1
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
-        - ffmpeg <undetermined>
-        - libav <undetermined>
+	- ffmpeg <undetermined>
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
-
 	TODO: check, not sure if patch correct, is applied in 7:2.4.3-1
 CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
-        - ffmpeg 7:2.4.3-1
-        - libav <undetermined>
+	- ffmpeg 7:2.4.3-1
+	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
-
 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
 	- ffmpeg 7:2.4.3-1
 	- libav <undetermined>
@@ -1705,7 +1708,6 @@
 	- ffmpeg 7:2.4.3-1
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
-
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
 	- ffmpeg 7:2.4.3-1
 	- libav <undetermined>
@@ -9330,7 +9332,7 @@
 	NOTE: Fix MySQL: https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638
 	NOTE: Fix MariaDB: https://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4261?sort=date#storage/myisam/ha_myisam.cc
 CVE-2014-5270 (Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...)
-	{DSA-3073-1 DSA-3024-1 DLA-54-1}
+	{DSA-3073-1 DSA-3024-1 DLA-93-1 DLA-54-1}
 	- gnupg 1.4.16-1
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
 	- libgcrypt11 1.5.4-1
@@ -13097,7 +13099,7 @@
 	[jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
 	- kfreebsd-10 10.1~svn273874-1 (bug #766278)
 CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the ...)
-	{DSA-3074-1 DSA-3072-1 DLA-86-1}
+	{DSA-3074-1 DSA-3072-1 DLA-94-1 DLA-86-1}
 	- file 1:5.20-2 (bug #768806)
 	NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
 	- php5 5.6.3+dfsg-1 (bug #768807)
@@ -13234,15 +13236,15 @@
 CVE-2014-3671
 	REJECTED
 CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in ...)
-	{DSA-3064-1}
+	{DSA-3064-1 DLA-94-1}
 	- php5 5.6.2+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68113
 CVE-2014-3669 (Integer overflow in the object_custom function in ...)
-	{DSA-3064-1}
+	{DSA-3064-1 DLA-94-1}
 	- php5 5.6.2+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68044
 CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...)
-	{DSA-3064-1}
+	{DSA-3064-1 DLA-94-1}
 	- php5 5.6.2+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68027
 CVE-2014-3667 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 does not ...)

More information about the Secure-testing-commits mailing list