[Secure-testing-commits] r32156 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 11 09:59:42 UTC 2015
Author: jmm
Date: 2015-02-11 09:59:31 +0000 (Wed, 11 Feb 2015)
New Revision: 32156
Modified:
data/CVE/list
Log:
libmnl issue actually a kernel issue (only open in squeeze)
no-dsa: spring, potrace
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-11 09:23:38 UTC (rev 32155)
+++ data/CVE/list 2015-02-11 09:59:31 UTC (rev 32156)
@@ -267,6 +267,7 @@
CVE-2015-XXXX [lame missing check for samplerate]
- lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161)
[wheezy] - lame <no-dsa> (Minor issue)
+ [squeeze] - lame <no-dsa> (Minor issue)
CVE-2015-XXXX [denial of service under memory stress]
- libhtp <unfixed> (bug #777522)
[squeeze] - libhtp <no-dsa> (Minor issue)
@@ -316,14 +317,18 @@
TODO: check
CVE-2013-XXXX [possible heap overflow]
- potrace <unfixed>
+ [wheezy] - potrace <no-dsa> (Minor issue)
+ [squeeze] - potrace <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/12
- TODO: check
CVE-2012-XXXX [Incorrect validation of netlink message origin allows attackers to spoof netlink messages]
- - libmnl <unfixed>
+ - linux 3.6.4-1
+ [wheezy] - linux 3.2.30-1
+ - linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/13
- TODO: check
+ NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (3.6)
+ NOTE: Also fixed in 3.2.30
CVE-2012-XXXX [Out-of heap-based buffer write in GIF encoder]
- byzanz <unfixed>
[squeeze] - byzanz <no-dsa> (Minor issue)
@@ -19308,6 +19313,7 @@
RESERVED
CVE-2014-3625 (Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 ...)
- libspring-java <unfixed> (bug #769698)
+ [wheezy] - libspring-java <no-dsa> (Minor issue)
NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
NOTE: https://jira.spring.io/browse/SPR-12354
NOTE: http://www.pivotal.io/security/cve-2014-3625
@@ -19737,6 +19743,7 @@
CVE-2014-3527
RESERVED
- libspring-security-java <itp> (bug #582181)
+ [wheezy] - libspring-java <no-dsa> (Minor issue)
CVE-2014-3526
RESERVED
CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...)
More information about the Secure-testing-commits
mailing list