[Secure-testing-commits] r32353 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 19 15:35:31 UTC 2015


Author: jmm
Date: 2015-02-19 15:35:31 +0000 (Thu, 19 Feb 2015)
New Revision: 32353

Modified:
   data/CVE/list
Log:
no-dsa for jessie: binutils-mingw-w64 
spencer regex: openrpt w/o security impact, z88dk n/a
no-dsa for wheezy/squeeze: nut, macchanger
one freetype issue n/a for squeeze/wheezy
busybox tpu fix


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-19 14:46:23 UTC (rev 32352)
+++ data/CVE/list	2015-02-19 15:35:31 UTC (rev 32353)
@@ -694,8 +694,8 @@
 	- haskell-regex-posix <not-affected> (only when building on Windows, see bug #778395)
 	- cups <not-affected> (Local regex copy only used when building on Windows, see #778396)
 	- librcsb-core-wrapper 1.005-3 (bug #778397)
-	- openrpt <unfixed> (bug #778398)
-	- z88dk <unfixed> (bug #778399)
+	- openrpt <unfixed> (unimportant; bug #778398)
+	- z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399)
 	- newlib <unfixed> (bug #778408)
 	[squeeze] - newlib <no-dsa> (Minor issue)
 	[wheezy] - newlib <no-dsa> (Minor issue)
@@ -716,12 +716,14 @@
 	NOTE: alpine uses the regex code from glibc, local fallback code not used
 	- vigor 0.016-24 (unimportant; bug #778409)
 	- nvi <unfixed> (unimportant; bug #778412)
-	NOTE: No security impact in nvi/vigor
+	NOTE: No security impact in nvi/vigor and openrpt
 	NOTE: http://www.kb.cert.org/vuls/id/695940
 	NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/16/8
-CVE-2015-XXXX [insecure storage of password]
-	- nut 2.7.2-2 (bug #777706)
+CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
+	- nut 2.7.2-2 (low; bug #777706)
+	[wheezy] - nut <no-dsa> (Minor issue)
+	[squeeze] - nut <no-dsa> (Minor issue)
 CVE-2015-1877 [command injection vulnerability]
 	- xdg-utils <unfixed> (bug #777722)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/7
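Review bot: the updated line `NOTE: No security impact in nvi/vigor and openrpt` asserts the conclusion without a reason, unlike the cups and z88dk lines of the same entry, which state why (local regex copy only used when building on Windows). Adding one clause on why the overflow is not reachable or not security-relevant in openrpt would justify the `unimportant` tag set on it in the previous hunk.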
@@ -918,6 +920,8 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
 CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...)
 	- freetype <unfixed> (bug #777656)
+	[wheezy] - freetype <not-affected> (Vulnerable code not present)
+	[squeeze] - freetype <not-affected> (Vulnerable code not present)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
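Review bot: the two `<not-affected> (Vulnerable code not present)` lines added for CVE-2014-9668 do not say what was checked. The CVE text names woff_open_font in sfnt/sfobjs.c, so a NOTE stating that this function is absent from the wheezy and squeeze freetype sources would let a later reader verify the triage without redoing it.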
@@ -999,6 +1003,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/10
 CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
 	- macchanger 1.7.0-5.3 (bug #774898)
+	[wheezy] - macchanger <no-dsa> (Minor issue)
 CVE-2015-XXXX [lame missing check for samplerate]
 	- lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161)
 	[wheezy] - lame <no-dsa> (Minor issue)
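Review bot: the macchanger entry gains only a `[wheezy]` no-dsa line, while the log message says "no-dsa for wheezy/squeeze: nut, macchanger" and the nut entry in this commit gets both releases. Either add `[squeeze] - macchanger <no-dsa> (Minor issue)` or record why squeeze needs no line, so the tracker and the log agree.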
@@ -7840,12 +7845,14 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141124-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
 	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
 CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141124-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
 	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...)
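Review bot: `[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)` sits directly under `{DSA-3123-2 DSA-3123-1}`, so the same CVE is handled by a DSA for binutils and marked minor for the mingw-w64 build, with no stated reason for the difference. A more specific parenthetical than "Minor issue" would help here; the same applies to the identical line added in each of the later binutils hunks of this commit.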
@@ -8154,6 +8161,7 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
 	NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
@@ -8163,6 +8171,7 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
@@ -8170,12 +8179,14 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	- gdb <unfixed> (unimportant)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...)
@@ -8329,6 +8340,7 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.90.20141104-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
@@ -8336,6 +8348,7 @@
 	{DSA-3123-2 DSA-3123-1}
 	- binutils 2.24.51.20140903-1
 	- binutils-mingw-w64 <unfixed>
+	[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
 	NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
 	NOTE: http://openwall.com/lists/oss-security/2014/10/23/5
@@ -17708,6 +17721,7 @@
 	- lzo <removed>
 	- lzo2 2.08-1 (bug #752861)
 	- busybox 1:1.22.0-10 (bug #768945)
+	[jessie] - busybox 1:1.22.0-9+deb8u1
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)
 CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...)



