[Secure-testing-commits] r32388 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Feb 21 21:25:12 UTC 2015


Author: jmm
Date: 2015-02-21 21:25:12 +0000 (Sat, 21 Feb 2015)
New Revision: 32388

Modified:
   data/CVE/list
Log:
filed bug for mini-httpd
one php issue no-dsa for jessie, one fixed in 5.6.6
newlib no-dsa for jessie, vnc4 not affected



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-21 21:19:50 UTC (rev 32387)
+++ data/CVE/list	2015-02-21 21:25:12 UTC (rev 32388)
@@ -1034,13 +1034,15 @@
 	- openrpt <unfixed> (unimportant; bug #778398)
 	- z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399)
 	- newlib <unfixed> (bug #778408)
+	[jessie] - newlib <no-dsa> (Minor issue)
 	[squeeze] - newlib <no-dsa> (Minor issue)
 	[wheezy] - newlib <no-dsa> (Minor issue)
 	- yap <unfixed> (low; bug #778410)
 	[jessie] - yap <no-dsa> (Minor issue)
 	[squeeze] - yap <no-dsa> (Minor issue)
 	[wheezy] - yap <no-dsa> (Minor issue)
-	- vnc4 <unfixed> (bug #778403)
+	- vnc4 <unfixed> (unimportant; bug #778403)
+        NOTE: affected code not built in vnc4
 	- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
 	- clamav <unfixed> (unimportant; bug #778406)
 	NOTE: Only exploitable through virusdb updates, which need to be trusted anywaya
@@ -1106,8 +1108,7 @@
 CVE-2015-1549
 	RESERVED
 CVE-2015-1548 (mini_httpd 1.21 and earlier allows remote attackers to obtain ...)
-	- mini-httpd <unfixed>
-	TODO: check
+	- mini-httpd <unfixed> (bug #778925)
 CVE-2015-1544
 	RESERVED
 CVE-2015-1543
@@ -6657,7 +6658,7 @@
 	RESERVED
 CVE-2015-0273 [use after free vulnerability in unserialize() with DateTimeZone]
 	RESERVED
-	- php5 <unfixed>
+	- php5 5.6.6+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=68942
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
 	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
@@ -15987,6 +15988,7 @@
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
 	- php5 <unfixed> (low; bug #759282)
+	[jessie] - php5 <no-dsa> (Minor issue)
 	[wheezy] - php5 <no-dsa> (Minor issue)
 	[squeeze] - php5 <no-dsa> (Minor issue)
 CVE-2014-5450




More information about the Secure-testing-commits mailing list