[Secure-testing-commits] r38277 - data/CVE

Mon Dec 14 15:50:30 UTC 2015

Author: carnil
Date: 2015-12-14 15:50:30 +0000 (Mon, 14 Dec 2015)
New Revision: 38277

Modified:
   data/CVE/list
Log:
Some libxml2 issues fixed in unstable

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-12-14 14:06:56 UTC (rev 38276)
+++ data/CVE/list	2015-12-14 15:50:30 UTC (rev 38277)
@@ -2270,7 +2270,7 @@
 	NOT-FOR-US: SolarWinds remote control
 CVE-2015-8242 [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
 	RESERVED
-	- libxml2 <unfixed> (bug #805146)
+	- libxml2 2.9.3+dfsg1-1 (bug #805146)
 	[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
 	[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
 	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
@@ -2814,7 +2814,7 @@
 CVE-2015-8032
 	RESERVED
 CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...)
-	- libxml2 <unfixed> (bug #803942)
+	- libxml2 2.9.3+dfsg1-1 (bug #803942)
 	[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
 	NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (v2.9.3)
 	NOTE: You can use "xmllint --version" to verify if libxml2 is compiled with "Lzma" support.
@@ -4381,23 +4381,23 @@
 	RESERVED
 CVE-2015-7500 [memory access error due to incorrect entities boundaries]
 	RESERVED
-	- libxml2 <unfixed>
+	- libxml2 2.9.3+dfsg1-1
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f (v2.9.3)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756525 (upstream bug not yet open)
 CVE-2015-7499
 	RESERVED
-	- libxml2 <unfixed>
+	- libxml2 2.9.3+dfsg1-1
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc (v2.9.3)
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da (v2.9.3)
 	TODO: check affected versions
 CVE-2015-7498 [processes entities after encoding conversion failures]
 	RESERVED
-	- libxml2 <unfixed>
+	- libxml2 2.9.3+dfsg1-1
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 (v2.9.3)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756527 (upstream bug not yet open)
 CVE-2015-7497 [heap buffer overflow in xmlDictComputeFastQKey]
 	RESERVED
-	- libxml2 <unfixed>
+	- libxml2 2.9.3+dfsg1-1
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
 CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
@@ -10074,7 +10074,7 @@
 	RESERVED
 CVE-2015-5312 [entity expansion issue]
 	RESERVED
-	- libxml2 <unfixed>
+	- libxml2 2.9.3+dfsg1-1
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756733 (upstream bug not yet open)
 CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows ...)
@@ -15730,7 +15730,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
 CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does ...)
 	{DLA-334-1}
-	- libxml2 <unfixed> (bug #802827)
+	- libxml2 2.9.3+dfsg1-1 (bug #802827)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d


