[Secure-testing-commits] r32424 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Feb 23 09:39:47 UTC 2015
Author: sectracker
Date: 2015-02-23 09:35:06 +0000 (Mon, 23 Feb 2015)
New Revision: 32424
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-23 06:20:25 UTC (rev 32423)
+++ data/CVE/list 2015-02-23 09:35:06 UTC (rev 32424)
@@ -934,7 +934,7 @@
NOTE: https://review.openstack.org/#/c/122427/
CVE-2014-9683 [ecryptfs 1-byte overwrite]
RESERVED
- {DSA-3169-1}
+ {DSA-3170-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
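Review bot: The log message "automatic update" gives no hint that the advisory reference on CVE-2014-9683 moves from {DSA-3169-1} to {DSA-3170-1} here. The same renumbering recurs on the linux entries in the later hunks, while {DSA-3169-1} is attached to glibc/eglibc entries instead. A log line naming both advisory numbers and the packages they now apply to would let someone auditing the tracker history find this reassignment without reading the diff.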
@@ -1018,7 +1018,7 @@
NOT-FOR-US: FlexPaper
CVE-2015-1593 [Linux ASLR integer overflow]
RESERVED
- {DSA-3169-1 DLA-155-1}
+ {DSA-3170-1 DLA-155-1}
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
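Review bot: CVE-2015-1593 now references {DSA-3170-1 DLA-155-1} while its package line still reads "- linux <unfixed>". If that line is meant to describe only the unstable package, the entry is consistent, but it is worth confirming that no fixed version exists there yet, and recording the fixed version as soon as one is uploaded, so the entry does not read as both advised and unfixed.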
@@ -1633,6 +1633,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
CVE-2015-1473 [silly hairsplitting ID related to CVE-2015-1472]
RESERVED
+ {DSA-3169-1}
- glibc 2.19-15 (bug #777197)
- eglibc <removed>
[squeeze] - eglibc <not-affected> (Vulnerable code not present)
@@ -1642,6 +1643,7 @@
NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-1472 [incorrect second argument to realloc leads to a buffer overflow]
RESERVED
+ {DSA-3169-1}
- glibc 2.19-15 (bug #777197)
- eglibc <removed>
[squeeze] - eglibc <not-affected> (Vulnerable code not present)
@@ -1845,6 +1847,7 @@
- kamailio 4.0.2-1 (bug #712083)
CVE-2013-7424 [Invalid-free when using getaddrinfo()]
RESERVED
+ {DSA-3169-1}
- glibc 2.15-1
- eglibc 2.15-1
NOTE: http://seclists.org/oss-sec/2015/q1/306
@@ -1852,13 +1855,13 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions]
RESERVED
- {DSA-3169-1 DLA-155-1}
+ {DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt4-3
- linux-2.6 <removed>
NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
CVE-2015-1420 [fs/fhandle.c race condition]
RESERVED
- {DSA-3169-1}
+ {DSA-3170-1}
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 2.6.39)
NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
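Review bot: In the second entry of this hunk, CVE-2015-1420 gains {DSA-3170-1} but keeps "- linux <unfixed>", and the only reference is a mailing-list NOTE with no upstream fix commit. The CVE-2015-1421 entry just above it has both a fixed version and an "Upstream fix:" NOTE. Adding the fix commit here, if one exists, would show what the advisory actually shipped for this race condition.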
@@ -2035,7 +2038,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
RESERVED
- {DSA-3169-1}
+ {DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
@@ -2044,7 +2047,7 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
CVE-2014-9644 [related to CVE-2013-7421, not handling crypto templates correctly]
RESERVED
- {DSA-3169-1}
+ {DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
@@ -4086,7 +4089,7 @@
CVE-2015-0565
RESERVED
CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel ...)
- {DSA-3169-1 DLA-155-1}
+ {DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb
@@ -5426,7 +5429,7 @@
NOTE: https://bugs.php.net/bug.php?id=68735
CVE-2014-9402 [endless loop in getaddr_r]
RESERVED
- {DLA-122-1}
+ {DSA-3169-1 DLA-122-1}
- glibc 2.19-14 (bug #775572)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
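Review bot: The unchanged context line "[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)" now contradicts the {DSA-3169-1} reference added to CVE-2014-9402 in this hunk. If DSA-3169-1 covers wheezy, the <no-dsa> annotation should be dropped or replaced with the fixed version in the same change; if it does not, the DSA tag should not be attached to this entry.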
@@ -6783,7 +6786,7 @@
RESERVED
CVE-2015-0239 [KVM SYSENTER emulation vulnerability]
RESERVED
- {DSA-3169-1}
+ {DSA-3170-1}
- linux 3.16.7-ckt4-2
- linux-2.6 <removed>
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296
@@ -8594,7 +8597,7 @@
NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b
NOTE: the initial commit would be an incomplete fix and needs additional changes
CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...)
- {DSA-3169-1}
+ {DSA-3170-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <not-affected> (Introduced in 2.6.38)
NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
@@ -9487,7 +9490,7 @@
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module not loaded]
RESERVED
- {DSA-3169-1 DLA-155-1}
+ {DSA-3170-1 DLA-155-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1)
@@ -10561,7 +10564,7 @@
NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
CVE-2014-7822 [splice: lack of generic write checks]
RESERVED
- {DSA-3169-1 DLA-155-1}
+ {DSA-3170-1 DLA-155-1}
- linux 3.16.2-1
- linux-2.6 <removed>
NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1)
@@ -19455,6 +19458,7 @@
[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
+ {DSA-3169-1}
- eglibc <removed>
- glibc 2.19-2 (low; bug #751774)
[wheezy] - eglibc <no-dsa> (Minor issue)
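Review bot: CVE-2014-4043 is tagged {DSA-3169-1}, yet the trailing "[wheezy] - eglibc <no-dsa> (Minor issue)" line is left in place, so the entry states both that an advisory was issued and that none is warranted for wheezy. The stale annotation should be removed or replaced with the fixed eglibc version as part of this update.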
@@ -58558,6 +58562,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
+ {DSA-3169-1}
- eglibc <removed>
- glibc 2.19-14 (low; bug #681888)
[squeeze] - eglibc <no-dsa> (Minor issue)