[Secure-testing-commits] r31955 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Feb 4 08:26:20 UTC 2015 

Author: jmm
Date: 2015-02-04 08:26:20 +0000 (Wed, 04 Feb 2015)
New Revision: 31955

Modified:
   data/CVE/list
Log:
cabextract no-dsa
one php issue n/a for wheezy
drop one php issue (CVE assignment deferred and nothing else came up)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-04 07:11:43 UTC (rev 31954)
+++ data/CVE/list	2015-02-04 08:26:20 UTC (rev 31955)
@@ -1,10 +1,13 @@
 CVE-2015-XXXX [Invalid read in ensure_filepath]
 	- libmspack 0.5-1
-	- cabextract <unfixed>
+	[wheezy] - cabextract <no-dsa> (Minor issue)
+	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
 CVE-2015-XXXX [Invalid read in create_output_name]
 	- libmspack 0.5-1
 	- cabextract <unfixed>
+	[wheezy] - cabextract <no-dsa> (Minor issue)
+	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
 CVE-2014-XXXX [Multiple imagemagick bugs]
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
@@ -2571,26 +2574,19 @@
 	[wheezy] - openjdk-6 <no-dsa> (Can be fixed when/if fixed in an Oracle CPU update)
 	NOTE: Reported to Oracle, no reply so far
 	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
-CVE-2015-XXXX [Null Pointer Deference in ereg(regex)]
-	- php5 <unfixed>
-	NOTE: https://bugs.php.net/bug.php?id=68740
-	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
-	NOTE: CVE assignment deferred: http://www.openwall.com/lists/oss-security/2015/01/24/9
-	TODO: check
 CVE-2015-1352 [Null Pointer Deference in pgsql]
 	RESERVED
 	- php5 <unfixed>
 	[squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later)
 	NOTE: https://bugs.php.net/bug.php?id=68741
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
-	TODO: check
 CVE-2015-1351 [Use after free in 'opcache' component of PHP]
 	RESERVED
 	- php5 <unfixed>
-	[squeeze] - php5 <not-affected> (vulnerable code introduced later)
+	[squeeze] - php5 <not-affected> (opcache introduced in 5.5)
+	[wheezy] - php5 <not-affected> (opcache introduced in 5.5)
 	NOTE: https://bugs.php.net/bug.php?id=68677
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
-	TODO: check
 CVE-2015-XXXX [insecure keyring handling]
 	- weboob 1.0-3 (low; bug #774838)
 	[wheezy] - weboob <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list