[Secure-testing-commits] r32156 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Feb 11 09:59:42 UTC 2015 

Author: jmm
Date: 2015-02-11 09:59:31 +0000 (Wed, 11 Feb 2015)
New Revision: 32156

Modified:
   data/CVE/list
Log:
libmnl issue actually a kernel issue (only open in squeeze)
no-dsa: spring, potrace


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-11 09:23:38 UTC (rev 32155)
+++ data/CVE/list	2015-02-11 09:59:31 UTC (rev 32156)
@@ -267,6 +267,7 @@
 CVE-2015-XXXX [lame missing check for samplerate]
 	- lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161)
 	[wheezy] - lame <no-dsa> (Minor issue)
+	[squeeze] - lame <no-dsa> (Minor issue)
 CVE-2015-XXXX [denial of service under memory stress]
 	- libhtp <unfixed> (bug #777522)
 	[squeeze] - libhtp <no-dsa> (Minor issue)
@@ -316,14 +317,18 @@
 	TODO: check
 CVE-2013-XXXX [possible heap overflow]
 	- potrace <unfixed>
+	[wheezy] - potrace <no-dsa> (Minor issue)
+	[squeeze] - potrace <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/12
-	TODO: check
 CVE-2012-XXXX [Incorrect validation of netlink message origin allows attackers to spoof netlink messages]
-	- libmnl <unfixed>
+	- linux 3.6.4-1
+	[wheezy] - linux 3.2.30-1
+	- linux-2.6 <removed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/13
-	TODO: check
+	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (3.6)
+	NOTE: Also fixed in 3.2.30
 CVE-2012-XXXX [Out-of heap-based buffer write in GIF encoder]
 	- byzanz <unfixed>
 	[squeeze] - byzanz <no-dsa> (Minor issue)
@@ -19308,6 +19313,7 @@
 	RESERVED
 CVE-2014-3625 (Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 ...)
 	- libspring-java <unfixed> (bug #769698)
+	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
 	NOTE: https://jira.spring.io/browse/SPR-12354
 	NOTE: http://www.pivotal.io/security/cve-2014-3625
@@ -19737,6 +19743,7 @@
 CVE-2014-3527
 	RESERVED
 	- libspring-security-java <itp> (bug #582181)
+	[wheezy] - libspring-java <no-dsa> (Minor issue)
 CVE-2014-3526
 	RESERVED
 CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...)

More information about the Secure-testing-commits mailing list