[Secure-testing-commits] r32237 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Feb 14 18:37:05 UTC 2015
Author: jmm
Date: 2015-02-14 18:37:05 +0000 (Sat, 14 Feb 2015)
New Revision: 32237
Modified:
data/CVE/list
Log:
spencer/regex:
confirmed for clamav (uses local regexp engine to provide consistent regexp
handling across all supported arch)
nvi: code exists and is in use, but without security impact
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-14 16:30:27 UTC (rev 32236)
+++ data/CVE/list 2015-02-14 18:37:05 UTC (rev 32237)
@@ -66,7 +66,7 @@
- llvm-toolchain-3.5 <unfixed> (bug #778392)
- llvm-toolchain-3.6 <unfixed> (bug #778393)
- llvm-toolchain-snapshot <unfixed> (bug #778394)
- - haskell-regex-posix <not-affected> (bug #778395 ; only when building on windows)
+ - haskell-regex-posix <not-affected> (only when building on Windows, see bug #778395)
- cups <unfixed> (bug #778396)
- librcsb-core-wrapper <unfixed> (bug #778397)
- openrpt <unfixed> (bug #778398)
@@ -76,13 +76,14 @@
- vnc4 <unfixed> (bug #778403)
- sma <unfixed> (bug #778410)
- clamav <unfixed> (bug #778406)
+ [wheezy] - clamav <no-dsa> (Updated through stable-updates)
- knews <unfixed> (bug #778401)
- radare2 <unfixed> (bug #778402)
- efl <unfixed> (bug #778414)
- ptlib <unfixed> (bug #778404)
- alpine <unfixed> (bug #778413)
- vigor <unfixed> (bug #778409)
- - nvi <unfixed> (bug #778412)
+ - nvi <unfixed> (unimportant; bug #778412)
NOTE: http://www.kb.cert.org/vuls/id/695940
NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
CVE-2015-XXXX [insecure storage of password]
More information about the Secure-testing-commits
mailing list