[Secure-testing-commits] r38599 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Wed Dec 30 01:46:02 UTC 2015
Author: benh
Date: 2015-12-30 01:46:01 +0000 (Wed, 30 Dec 2015)
New Revision: 38599
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-29 22:43:10 UTC (rev 38598)
+++ data/CVE/list 2015-12-30 01:46:01 UTC (rev 38599)
@@ -895,11 +895,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
CVE-2015-8614 [no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc]
RESERVED
- - claws-mail 3.13.1-1
+ - claws-mail <unfixed>
+ - macopix <unfixed>
NOTE: http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
+ NOTE: Upstream patch is broken - first comparison uses wrong operator and others appear to assume wrong maximum character length
NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
- TODO: check (other source packages, possibly sylpheed, claws-mail, sylfilter, macopix, libsylph)
CVE-2015-8611
RESERVED
CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-12-29 22:43:10 UTC (rev 38598)
+++ data/dla-needed.txt 2015-12-30 01:46:01 UTC (rev 38599)
@@ -11,11 +11,17 @@
--
busybox (Chris Lamb)
--
+claws-mail
+--
dbconfig-common
NOTE: maintainer should take care of this, cf https://lists.debian.org/565626BF.2010307@debian.org
--
+giflib
+--
libraw
--
+librsvg
+--
libvncserver (Mike Gabriel)
NOTE: a fix is probably not trivial, as thread safety has to be backported to 0.9.7
NOTE: possibly ending up in ABI breakage, second opinion welcome!
@@ -24,6 +30,10 @@
--
lxc (Mike Gabriel)
--
+macopix
+--
+mono
+--
nss (Guido Günther)
NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html
More information about the Secure-testing-commits
mailing list