[Secure-testing-commits] r32388 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Feb 21 21:25:12 UTC 2015
Author: jmm
Date: 2015-02-21 21:25:12 +0000 (Sat, 21 Feb 2015)
New Revision: 32388
Modified:
data/CVE/list
Log:
filed bug for mini-httpd
one php issue no-dsa for jessie, one fixed in 5.6.6
newlib no-dsa for jessie, vnc4 not affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-21 21:19:50 UTC (rev 32387)
+++ data/CVE/list 2015-02-21 21:25:12 UTC (rev 32388)
@@ -1034,13 +1034,15 @@
- openrpt <unfixed> (unimportant; bug #778398)
- z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399)
- newlib <unfixed> (bug #778408)
+ [jessie] - newlib <no-dsa> (Minor issue)
[squeeze] - newlib <no-dsa> (Minor issue)
[wheezy] - newlib <no-dsa> (Minor issue)
- yap <unfixed> (low; bug #778410)
[jessie] - yap <no-dsa> (Minor issue)
[squeeze] - yap <no-dsa> (Minor issue)
[wheezy] - yap <no-dsa> (Minor issue)
- - vnc4 <unfixed> (bug #778403)
+ - vnc4 <unfixed> (unimportant; bug #778403)
+ NOTE: affected code not built in vnc4
- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
- clamav <unfixed> (unimportant; bug #778406)
NOTE: Only exploitable through virusdb updates, which need to be trusted anywaya
@@ -1106,8 +1108,7 @@
CVE-2015-1549
RESERVED
CVE-2015-1548 (mini_httpd 1.21 and earlier allows remote attackers to obtain ...)
- - mini-httpd <unfixed>
- TODO: check
+ - mini-httpd <unfixed> (bug #778925)
CVE-2015-1544
RESERVED
CVE-2015-1543
@@ -6657,7 +6658,7 @@
RESERVED
CVE-2015-0273 [use after free vulnerability in unserialize() with DateTimeZone]
RESERVED
- - php5 <unfixed>
+ - php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68942
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
@@ -15987,6 +15988,7 @@
NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
- php5 <unfixed> (low; bug #759282)
+ [jessie] - php5 <no-dsa> (Minor issue)
[wheezy] - php5 <no-dsa> (Minor issue)
[squeeze] - php5 <no-dsa> (Minor issue)
CVE-2014-5450
More information about the Secure-testing-commits
mailing list