[Secure-testing-commits] r30449 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Nov 29 21:10:14 UTC 2014
Author: sectracker
Date: 2014-11-29 21:10:14 +0000 (Sat, 29 Nov 2014)
New Revision: 30449
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-29 20:38:20 UTC (rev 30448)
+++ data/CVE/list 2014-11-29 21:10:14 UTC (rev 30449)
@@ -110,10 +110,11 @@
- wordpress 4.0.1+dfsg-1 (bug #770425)
NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9028 [Heap buffer write overflow]
+ {DSA-3082-1}
- flac 1.3.0-3 (bug #770918)
NOTE: Upstream patches:
- NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
- NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
+ NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
+ NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
CVE-2014-9014
RESERVED
CVE-2014-9013
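Review bot: The two flac NOTE lines under CVE-2014-9028 are removed and re-added with the same visible text, so apart from the new {DSA-3082-1} line this hunk appears to carry a whitespace-only change. If the indentation of those two lines was normalised on purpose, that is fine, but it should be confirmed as intended, since it adds noise to a revision logged only as "automatic update".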
@@ -844,6 +845,7 @@
RESERVED
CVE-2014-8962 [Heap buffer read overflow]
RESERVED
+ {DSA-3082-1}
- flac 1.3.0-3 (bug #770918)
NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
NOTE: http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
@@ -3700,6 +3702,7 @@
- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7817 [command execution in wordexp() with WRDE_NOCMD specified]
RESERVED
+ {DLA-97-1}
- glibc <unfixed>
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
@@ -6391,7 +6394,7 @@
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
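Review bot: openjdk-8 is still marked <unfixed> in the context under CVE-2014-6558, and the same line appears under the other Oracle Java SE entries this revision touches, so adding DSA-3080-1 to the advisory list does not complete these entries. The openjdk-8 lines need a fixed version recorded once one is available; until then these CVEs remain open for that package.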
@@ -6462,7 +6465,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6499,14 +6502,14 @@
- mariadb-10.0 <not-affected> (Fixed before initial upload)
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
CVE-2014-6518
RESERVED
CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6523,13 +6526,13 @@
- openjdk-7 <not-affected> (Windows-specific)
- openjdk-8 <not-affected> (Windows-specific)
CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
NOTE: Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0798607dd425
CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6546,7 +6549,7 @@
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6557,7 +6560,7 @@
- mariadb-10.0 <not-affected> (Fixed before initial upload)
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6566,7 +6569,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -6719,7 +6722,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
- {DSA-3077-1 DLA-96-1}
+ {DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 <unfixed>
@@ -7666,12 +7669,14 @@
CVE-2014-6056
RESERVED
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
+ {DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
+ {DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
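Review bot: The CVE-2014-6055 entry still carries the open action item "NOTE: check for possible ABI break" after {DSA-3081-1} is attached to it. With an advisory now referenced, the note should be updated to record the outcome of that check, or dropped if it no longer applies, so the entry does not read as if the ABI question is unresolved.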
@@ -7680,13 +7685,16 @@
NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 [Server crash on a very large ClientCutText message]
RESERVED
+ {DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 [Lack of malloc() return value checking on client side]
RESERVED
+ {DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in ...)
+ {DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050
@@ -8905,6 +8913,7 @@
[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6040 [crashes on invalid input in IBM gconv modules]
RESERVED
+ {DLA-97-1}
- glibc 2.19-12
- eglibc <removed>
[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
@@ -9408,6 +9417,7 @@
NOT-FOR-US: Drupal addon
CVE-2012-6656 [iconv() segfaults if the invalid multibyte character 0xffff is input when converting from IBM930]
RESERVED
+ {DLA-97-1}
- glibc 2.17-1
- eglibc <removed>
[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)