[Secure-testing-commits] r32013 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Feb 6 07:53:44 UTC 2015


Author: jmm
Date: 2015-02-06 07:53:43 +0000 (Fri, 06 Feb 2015)
New Revision: 32013

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
check status of CVE-2015-1472, squeeze not affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-06 07:50:13 UTC (rev 32012)
+++ data/CVE/list	2015-02-06 07:53:43 UTC (rev 32013)
@@ -161,8 +161,11 @@
 	RESERVED
 	- glibc <unfixed>
 	- eglibc <removed>
-	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
-	TODO: check, possibly introduced by fix for https://sourceware.org/bugzilla/show_bug.cgi?id=13138
+	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
+	NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
+	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
+	NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
+	NOTE:   the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
 CVE-2015-XXXX [Infinite loop in patch]
 	- patch 2.7.4-1 (bug #776271)
 	NOTE: Different from CVE-2014-9637
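Review bot: The "introduced by" NOTE in this entry cites the commit by an abbreviated hash (3f8cc204fdd0) and through a different gitweb URL form (git/?p=glibc.git;a=commitdiff;h=...) than the Fix line directly above it, which uses gitweb.cgi with the full 40-character hash. Use the same URL form and the full hash for both so the references stay unambiguous and can be matched by a single grep. The statement also runs across two NOTE lines joined by a trailing comma; one sentence for the introducing commit and a separate NOTE for the wheezy backport (patches/any/cvs-vfscanf.diff) would read more clearly.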
@@ -524,6 +527,7 @@
 	RESERVED
 	- glibc 2.19-14 (bug #722075)
 	- eglibc <removed>
+	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
 	NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
 	NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
 CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
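Review bot: The added Fix line is placed above the existing "Upstream report" NOTE, while the entry edited earlier in this same file lists the bugzilla link first and labels it "Bug:", followed by "Fix:". Moving the Fix line below the bugzilla NOTE and using one label for the bugzilla link in both entries would keep the notes consistent across the list.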

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2015-02-06 07:50:13 UTC (rev 32012)
+++ data/dsa-needed.txt	2015-02-06 07:53:43 UTC (rev 32013)
@@ -15,7 +15,7 @@
 asterisk
 --
 eglibc
-  we should fix at least CVE-2013-7423, some of the othre no-dsa bugs could be fixed along
+  we should fix at least CVE-2013-7423/CVE-2015-1472, some of the othre no-dsa bugs could be fixed along
 --
 icu
 --
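Review bot: The rewritten eglibc line still carries the typo "othre"; since the line is being changed anyway, correct it to "other". Writing the two identifiers as "CVE-2013-7423 and CVE-2015-1472" rather than joining them with a slash would also make it clearer that both are to be fixed in the same upload.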



