[Secure-testing-commits] r32076 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Feb 7 21:10:16 UTC 2015
Author: sectracker
Date: 2015-02-07 21:10:16 +0000 (Sat, 07 Feb 2015)
New Revision: 32076
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-07 15:47:15 UTC (rev 32075)
+++ data/CVE/list 2015-02-07 21:10:16 UTC (rev 32076)
@@ -357,14 +357,14 @@
[squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
- - chromium-browser <unfixed>
- [wheezy] - chromium-browser <end-of-life>
- [squeeze] - chromium-browser <end-of-life>
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1359 (Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, ...)
- - chromium-browser <unfixed>
- [wheezy] - chromium-browser <end-of-life>
- [squeeze] - chromium-browser <end-of-life>
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1358
RESERVED
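Review bot: the removed and re-added lines for CVE-2015-1360 and CVE-2015-1359 are textually identical as shown here, so this hunk is presumably an indentation-only change produced by the automatic update rather than a change in tracking state; the "TODO: check" marker under each entry is untouched, so both chromium-browser entries still await triage for sid, and the wheezy/squeeze end-of-life markings are unchanged.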
@@ -375,14 +375,14 @@
CVE-2015-1355
RESERVED
CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throttle.cc ...)
- - chromium-browser <unfixed>
- [wheezy] - chromium-browser <end-of-life>
- [squeeze] - chromium-browser <end-of-life>
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
- - chromium-browser <unfixed>
- [wheezy] - chromium-browser <end-of-life>
- [squeeze] - chromium-browser <end-of-life>
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2014-9646 (Unquoted Windows search path vulnerability in the ...)
- chromium-browser <not-affected> (Windows specific problem for chromium-browser)
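Review bot: same pattern for CVE-2014-9648 and CVE-2014-9647: the "-" and "+" lines carry identical content, so only leading whitespace can have changed, and the "TODO: check" markers remain, meaning these entries are still untriaged; the CVE-2014-9646 context line below is the model to follow once the check is done, in that it records a concrete "not-affected" decision with a one-line justification.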
@@ -1352,7 +1352,7 @@
CVE-2015-1307 (plasma-workspace before 5.1.95 allows remote attackers to obtain ...)
NOT-FOR-US: KDE Plasma 5 desktop, not yet packaged
CVE-2015-1306 (The newsletter posting area in the web interface in Sympa 6.0.x before ...)
- {DSA-3134-1}
+ {DSA-3134-1 DLA-148-1}
- sympa 6.1.23~dfsg-2
NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
CVE-2014-9624 [CAPTCHA bypass]
@@ -1398,7 +1398,7 @@
[wheezy] - lhasa <no-dsa> (Minor issue)
CVE-2014-9636 [OOB access (both read and write) issues in test_compr_eb]
RESERVED
- {DSA-3152-1}
+ {DSA-3152-1 DLA-150-1}
- unzip 6.0-15 (bug #776589)
NOTE: http://seclists.org/oss-sec/2014/q4/489
NOTE: http://seclists.org/oss-sec/2014/q4/507
@@ -4159,12 +4159,12 @@
NOTE: jmm coordinating with reporters wrt CVE
CVE-2014-9298
RESERVED
- {DSA-3154-1}
+ {DSA-3154-1 DLA-149-1}
- ntp 1:4.2.6.p5+dfsg-4
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
CVE-2014-9297
RESERVED
- {DSA-3154-1}
+ {DSA-3154-2 DSA-3154-1 DLA-149-1}
- ntp 1:4.2.6.p5+dfsg-5
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...)
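Review bot: CVE-2014-9297 now carries DSA-3154-2 ahead of DSA-3154-1, and its fixed version 1:4.2.6.p5+dfsg-5 is one Debian revision past the -4 recorded for CVE-2014-9298, which receives only DSA-3154-1 and DLA-149-1; that split is consistent with a regression update to the first advisory, but it would help a reader if the -5 entry said so, since both CVEs are still RESERVED and the ntp bug 2672 link is marked "(not yet public)", leaving no public text that explains why the two fixed versions differ.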
@@ -8115,7 +8115,7 @@
- unzip 6.0-13 (bug #773722)
CVE-2014-8139 [CRC32 heap overflow]
RESERVED
- {DSA-3113-1 DLA-124-1}
+ {DSA-3113-1 DLA-150-1 DLA-124-1}
- unzip 6.0-16 (bug #773722)
CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer ...)
{DSA-3106-1 DLA-121-1}
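Review bot: DLA-150-1 is inserted between DSA-3113-1 and DLA-124-1 for CVE-2014-8139 here, whereas for CVE-2014-9636 earlier in this commit the same DLA-150-1 is simply appended after DSA-3152-1; the order inside the braces does not affect tracking, but keeping one convention (for example newest advisory of each type first, as this line does) makes later automatic updates produce smaller diffs.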
@@ -18874,7 +18874,7 @@
CVE-2014-3661 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity ...)
- {DSA-2978-2 DSA-3057-1 DLA-80-1}
+ {DSA-2978-2 DSA-3057-1 DLA-151-1 DLA-80-1}
[jessie] - libxml2 2.9.1+dfsg1-5
- libxml2 2.9.2+dfsg1-1 (bug #765722)
NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
@@ -28792,6 +28792,7 @@
- mplayer <not-affected> (never built against liblivemedia with incomplete patch)
- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
+ {DSA-3156-1}
- liblivemedia 2014.01.13-1
[wheezy] - liblivemedia <no-dsa> (Minor issue)
[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
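Review bot: DSA-3156-1 is now referenced for CVE-2013-6933, yet the "[wheezy] - liblivemedia <no-dsa> (Minor issue)" context line directly below is left as it was; if DSA-3156-1 fixed this issue in wheezy, that no-dsa marker should be replaced by the fixed wheezy version, otherwise the entry claims both that no advisory was issued and that one was.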
@@ -29213,7 +29214,7 @@
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to ...)
- foreman <itp> (bug #663101)
CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before ...)
- {DSA-2978-2}
+ {DSA-2978-2 DLA-151-1}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
NOTE: The upstream patch we used in DSA-2978-1 and DLA-16-1 is only half of the fix. The other half is likely https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is only in libxml 2.9 and newer. This was found out with the test case given in https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-8935085.
NOTE: First patches: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825
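Review bot: the NOTE on CVE-2014-0191 states that the patch shipped in DSA-2978-1 and DLA-16-1 was only half of the fix, but the advisory braces now list DSA-2978-2 and the newly added DLA-151-1 only, with no DLA-16-1; if DLA-151-1 is the advisory that delivers the second half (the 4629ee02 commit named in the note) for squeeze, the note should say so explicitly, so that the relation between DLA-16-1, DLA-151-1 and the two-part fix is clear without having to compare advisory dates.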