[Secure-testing-commits] r38308 - data/CVE

Tue Dec 15 08:46:58 UTC 2015

Author: hertzog
Date: 2015-12-15 08:46:58 +0000 (Tue, 15 Dec 2015)
New Revision: 38308

Modified:
   data/CVE/list
Log:
Mark chromium-browser CVE as end-of-life on wheezy/squeeze and libv8 as not covered by security support

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-12-15 07:59:32 UTC (rev 38307)
+++ data/CVE/list	2015-12-15 08:46:58 UTC (rev 38308)
@@ -17,6 +17,8 @@
 	TODO: check
 CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
 	- chromium-browser 47.0.2526.80-1
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-8546
 	RESERVED
 CVE-2015-8545
@@ -1608,11 +1610,18 @@
 	RESERVED
 CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...)
 	- chromium-browser 47.0.2526.73-1
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-8479 (Use-after-free vulnerability in the ...)
 	- chromium-browser 47.0.2526.73-1
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
 	- chromium-browser 47.0.2526-73-1
-        - libv8 <unfixed>
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+        - libv8 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2015-8475
 	RESERVED
 CVE-2015-8471
@@ -3462,7 +3471,10 @@
 	NOTE: http://xenbits.xen.org/xsa/advisory-148.html
 CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...)
 	- chromium-browser 46.0.2490.71-1
-        - libv8 <unfixed>
+	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
+        - libv8 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 ...)
 	{DSA-3396-1 DLA-360-1}
 	- linux 4.2.6-2


