[Secure-testing-commits] r29508 - in data: . CVE

Thijs Kinkhorst thijs at moszumanska.debian.org
Sat Oct 18 11:14:35 UTC 2014


Author: thijs
Date: 2014-10-18 11:14:35 +0000 (Sat, 18 Oct 2014)
New Revision: 29508

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
wheezy 7.7


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-18 09:24:59 UTC (rev 29507)
+++ data/CVE/list	2014-10-18 11:14:35 UTC (rev 29508)
@@ -4197,21 +4197,21 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
 CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
 	- linux 3.16.3-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
 	NOTE: http://tracker.ceph.com/issues/8979
 CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
 	- linux 3.16.3-1
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
 	NOTE: http://tracker.ceph.com/issues/8979
 CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux ...)
 	- linux 3.16.3-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
@@ -4221,7 +4221,7 @@
 	NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2
 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
 	- linux 3.16.5-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5)
 CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
@@ -6372,7 +6372,7 @@
 	NOTE: commit contained first in v3.17-rc2
 CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...)
 	- linux 3.16.2-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
 	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
@@ -6794,7 +6794,7 @@
 CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash ...)
 	{DLA-61-1}
 	- libplack-perl 1.0031-1
-	[wheezy] - libplack-perl <no-dsa> (Will be fixed in point release)
+	[wheezy] - libplack-perl 0.9989-1+deb7u1
 	NOTE: https://github.com/plack/Plack/issues/405
 CVE-2014-5255 [Insecure use of temporary file related to the /tmp/get_infos_dvd.sh]
 	RESERVED
@@ -7304,7 +7304,7 @@
 	[squeeze] - cairo <no-dsa> (Minor issue)
 CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ...)
 	- linux 3.14.15-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
 CVE-2014-5043
@@ -8416,6 +8416,7 @@
 	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
 CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...)
 	- linux 3.14.9-1 (unimportant)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed> (unimportant)
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
 	NOTE: Not exploitable with the block sizes used in kernel images
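Review bot: The added `[wheezy] - linux 3.2.63-1` line in the CVE-2014-4608 entry carries no annotation, while both neighbouring package lines are marked (unimportant) and the entry's NOTE says the issue is not exploitable with the block sizes used in kernel images. If the wheezy status is meant to be read the same way, state that on the new line or in a NOTE. The CVE-2014-2285 and CVE-2013-4357 hunks add a bare wheezy version beside an (unimportant) line in the same way.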
@@ -9027,7 +9028,7 @@
 	NOT-FOR-US: OctavoCMS
 CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...)
 	- perl 5.20.1-1 (bug #762256)
-	[wheezy] - perl <no-dsa> (Minor issue)
+	[wheezy] - perl 5.14.2-21+deb7u2
 	[squeeze] - perl <no-dsa> (Minor issue)
 	NOTE: upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304
 CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
@@ -9434,7 +9435,7 @@
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...)
 	- linux 3.14.15-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2014/7/2/518
 CVE-2014-4170
@@ -10805,7 +10806,7 @@
 	NOT-FOR-US: OpenShift
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
 	- linux 3.16.2-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
@@ -10825,7 +10826,7 @@
 	NOTE: incomplete fix for CVE-2014-4049
 CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ...)
 	- axis 1.4-21 (low; bug #762444)
-	[wheezy] - axis <no-dsa> (Minor issue)
+	[wheezy] - axis 1.4-16.2+deb7u1
 	[squeeze] - axis <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
 CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, ...)
@@ -11485,7 +11486,7 @@
 	NOT-FOR-US: Symantec PGP Desktop
 CVE-2014-3429 (IPython Notebook 0.12 through 1.x before 1.2 does not validate the ...)
 	- ipython 1.2.0~rc1-1 (low)
-	[wheezy] - ipython <no-dsa> (Minor issue)
+	[wheezy] - ipython 0.13.1-2+deb7u1
 	[squeeze] - ipython <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/ipython/ipython/pull/4845
 CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
@@ -12086,31 +12087,31 @@
 	NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
 CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function ...)
 	- linux 3.16.2-2
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98
 	NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3)
 CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel ...)
 	- linux 3.16.2-2
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
 	NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
 CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in ...)
 	- linux 3.16.2-2
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90
 	NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2)
 CVE-2014-3182 (Array index error in the logi_dj_raw_event function in ...)
 	- linux 3.16.2-2
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <removed>
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89
 	NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2)
 CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event ...)
 	- linux 3.16.5-1
-	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
+	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
 	NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
@@ -12656,7 +12657,7 @@
 CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, ...)
 	- exim4 4.82.1-2 (low)
 	[squeeze] - exim4 <no-dsa> (Minor issue)
-	[wheezy] - exim4 <no-dsa> (Minor issue)
+	[wheezy] - exim4 4.80-7+deb7u1
 CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in ...)
 	NOT-FOR-US: MicroPact iComplaints
 CVE-2014-2970
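Review bot: In the CVE-2014-2972 entry the updated [wheezy] line still sits below the [squeeze] line, whereas the other entries touched in this revision list [wheezy] before [squeeze], and the CVE-2014-6417 hunk already moves its [wheezy] line for ordering. Consider moving it above `[squeeze] - exim4 <no-dsa> (Minor issue)` in the same commit so the entries stay consistent.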
@@ -14952,6 +14953,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs ...)
 	- net-snmp 5.7.2.1~dfsg-3 (unimportant)
+	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778
 	NOTE: Upstream fix: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
@@ -28175,6 +28177,7 @@
 CVE-2013-4357 [getaddrinfo() stack overflow]
 	RESERVED
 	- eglibc 2.17-1 (unimportant; bug #742925)
+	[wheezy] - eglibc 2.13-38+deb7u5
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
 CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
 	- xen 4.4.0-1
@@ -34336,7 +34339,7 @@
 	NOT-FOR-US: Drupal module Filebrowser
 CVE-2013-2035 (Race condition in ...)
 	- hawtjni 1.10-1 (low; bug #708293)
-	[wheezy] - hawtjni <no-dsa> (Minor issue)
+	[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
 CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	- jenkins 1.509.2+dfsg-1 (bug #706725)
 CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
@@ -40724,7 +40727,7 @@
 	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
 	- net-snmp 5.7.2.1~dfsg-3 (low; bug #731625)
-	[wheezy] - net-snmp <no-dsa> (Minor issue)
+	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
 	[squeeze] - net-snmp <no-dsa> (Minor issue)
 	NOTE: http://sourceforge.net/p/net-snmp/bugs/2411/
 	NOTE: Upstream patch: http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2014-10-18 09:24:59 UTC (rev 29507)
+++ data/next-point-update.txt	2014-10-18 11:14:35 UTC (rev 29508)
@@ -1,50 +0,0 @@
-CVE-2013-2035
-	[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
-CVE-2014-3429
-	[wheezy] - ipython 0.13.1-2+deb7u1
-CVE-2014-2972
-	[wheezy] - exim4 4.80-7+deb7u1
-CVE-2014-4330
-	[wheezy] - perl 5.14.2-21+deb7u2
-CVE-2014-2285
-	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
-CVE-2014-3565
-	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
-CVE-2012-6151
-	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
-CVE-2014-3181
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3182
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3183
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3184
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3185
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3601
-	[wheezy] - linux 3.2.63-1
-CVE-2014-4171
-	[wheezy] - linux 3.2.63-1
-CVE-2014-4608
-	[wheezy] - linux 3.2.63-1
-CVE-2014-5077
-	[wheezy] - linux 3.2.63-1
-CVE-2014-5471
-	[wheezy] - linux 3.2.63-1
-CVE-2014-5472
-	[wheezy] - linux 3.2.63-1
-CVE-2014-6410
-	[wheezy] - linux 3.2.63-1
-CVE-2014-6416
-	[wheezy] - linux 3.2.63-1
-CVE-2014-6417
-	[wheezy] - linux 3.2.63-1
-CVE-2014-6418
-	[wheezy] - linux 3.2.63-1
-CVE-2014-3596
-	[wheezy] - axis 1.4-16.2+deb7u1
-CVE-2014-5269
-	[wheezy] - libplack-perl 0.9989-1+deb7u1
-CVE-2013-4357
-	[wheezy] - eglibc 2.13-38+deb7u5
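Review bot: Two of the 25 entries removed from next-point-update.txt, CVE-2014-3565 (net-snmp 5.4.3~dfsg-2.8+deb7u1) and CVE-2014-5472 (linux 3.2.63-1), have no matching hunk in data/CVE/list in this revision, while the other 23 each gain the same [wheezy] version there. Check that both entries already record the wheezy fix in data/CVE/list; if not, add the [wheezy] lines in this commit, because once this file is emptied the pending versions are no longer recorded anywhere in the diff.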



