[Secure-testing-commits] r38599 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Wed Dec 30 01:46:02 UTC 2015 

Author: benh
Date: 2015-12-30 01:46:01 +0000 (Wed, 30 Dec 2015)
New Revision: 38599

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-29 22:43:10 UTC (rev 38598)
+++ data/CVE/list	2015-12-30 01:46:01 UTC (rev 38599)
@@ -895,11 +895,12 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
 CVE-2015-8614 [no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc]
 	RESERVED
-	- claws-mail 3.13.1-1
+	- claws-mail <unfixed>
+	- macopix <unfixed>
 	NOTE: http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
+	NOTE: Upstream patch is broken - first comparison uses wrong operator and others appear to assume wrong maximum character length
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
-	TODO: check (other source packages, possibly sylpheed, claws-mail, sylfilter, macopix, libsylph)
 CVE-2015-8611
 	RESERVED
 CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-12-29 22:43:10 UTC (rev 38598)
+++ data/dla-needed.txt	2015-12-30 01:46:01 UTC (rev 38599)
@@ -11,11 +11,17 @@
 --
 busybox (Chris Lamb)
 --
+claws-mail
+--
 dbconfig-common
   NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
 --
+giflib
+--
 libraw
 --
+librsvg
+--
 libvncserver (Mike Gabriel)
   NOTE: a fix is probably not trivial, as thread safety has to be backported to 0.9.7
   NOTE: possibly ending up in ABI breakage, second opinion welcome!
@@ -24,6 +30,10 @@
 --
 lxc (Mike Gabriel)
 --
+macopix
+--
+mono
+--
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
   NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html

More information about the Secure-testing-commits mailing list