[Secure-testing-commits] r32049 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Feb 7 09:10:25 UTC 2015
Author: sectracker
Date: 2015-02-07 09:10:25 +0000 (Sat, 07 Feb 2015)
New Revision: 32049
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-07 07:27:02 UTC (rev 32048)
+++ data/CVE/list 2015-02-07 09:10:25 UTC (rev 32049)
@@ -3240,15 +3240,15 @@
NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
CVE-2014-9423
RESERVED
- {DSA-3153-1}
+ {DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-9422
RESERVED
- {DSA-3153-1}
+ {DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-9421
RESERVED
- {DSA-3153-1}
+ {DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...)
NOT-FOR-US: Huawei
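Review bot: The squeeze fixed version is not visible for CVE-2014-9423, CVE-2014-9422 and CVE-2014-9421, which now reference DLA-146-1 while the only version line under each is `- krb5 1.12.1+dfsg-17`. If that version is not recorded with the DLA-146-1 entry itself, add a `[squeeze] - krb5 <version>` line under each CVE so the LTS status can be read from the entry.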
@@ -14601,7 +14601,7 @@
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
CVE-2014-5352
RESERVED
- {DSA-3153-1}
+ {DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
- krb5 1.12.1+dfsg-10 (bug #762479)
@@ -18755,7 +18755,7 @@
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395 (v3.18-rc1)
CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with ...)
- {DSA-3052-1}
+ {DSA-3052-1 DLA-147-1}
- wpasupplicant <removed>
- hostapd <removed>
[squeeze] - hostapd <not-affected> (Vulnerable code not present in 0.6.10)
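Review bot: On CVE-2014-3686 the added DLA-147-1 reference sits next to `[squeeze] - hostapd <not-affected> (Vulnerable code not present in 0.6.10)`, and the entry has no squeeze line for wpasupplicant, only `- wpasupplicant <removed>`. The entry should state which source package DLA-147-1 covers, so that the LTS advisory is not read as contradicting the hostapd not-affected status.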
@@ -18832,7 +18832,7 @@
CVE-2014-3661 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity ...)
- {DSA-3057-1 DLA-80-1}
+ {DSA-2978-2 DSA-3057-1 DLA-80-1}
[jessie] - libxml2 2.9.1+dfsg1-5
- libxml2 2.9.2+dfsg1-1 (bug #765722)
NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
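Review bot: The reason a revision of an earlier advisory applies to CVE-2014-3660 is not documented: DSA-2978-2 is added ahead of DSA-3057-1 with no accompanying NOTE. A short NOTE line saying what the -2 revision shipped for this CVE would help, since the same reference is also attached to CVE-2014-0191 in the last hunk of this diff.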
@@ -29171,6 +29171,7 @@
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to ...)
- foreman <itp> (bug #663101)
CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before ...)
+ {DSA-2978-2}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
NOTE: The upstream patch we used in DSA-2978-1 and DLA-16-1 is only half of the fix. The other half is likely https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is only in libxml 2.9 and newer. This was found out with the test case given in https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-8935085.
NOTE: First patches: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825
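Review bot: The new `{DSA-2978-2}` line on CVE-2014-0191 is the only advisory reference in the entry, while the NOTE below it names DSA-2978-1 and DLA-16-1 as having shipped only half of the fix. The NOTE should be updated to say whether DSA-2978-2 delivers the other half, and it is worth checking why DSA-2978-1 and DLA-16-1 do not appear in the braces alongside it.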