[Secure-testing-commits] r32534 - data/CVE

Ben Hutchings benh at moszumanska.debian.org
Fri Feb 27 20:47:45 UTC 2015


Author: benh
Date: 2015-02-27 20:47:44 +0000 (Fri, 27 Feb 2015)
New Revision: 32534

Modified:
   data/CVE/list
Log:
Mark CVE-2012-6686 as rejected and merge information into CVE-2013-4357

See <https://marc.info/?l=oss-security&m=142477834307260&w=2>


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-27 19:29:18 UTC (rev 32533)
+++ data/CVE/list	2015-02-27 20:47:44 UTC (rev 32534)
@@ -4924,16 +4924,8 @@
 	[wheezy] - cabextract <no-dsa> (Minor issue)
 	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
-CVE-2012-6686 [unbound alloca use in glob_in_dir]
-	RESERVED
-	- glibc 2.17-1
-	- eglibc <removed>
-	[wheezy] - eglibc 2.13-38+deb7u6
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
-	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
-	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
-	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
-	NOTE: Fixed upstream in 2.14
+CVE-2012-6686
+	REJECTED
 CVE-2012-6685 [ruby-nokogiri XXE]
 	RESERVED
 	- ruby-nokogiri 1.5.4-1 (low)
@@ -38300,11 +38292,16 @@
 	[wheezy] - libav <not-affected> (Vulnerable code not present)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
-CVE-2013-4357 [getaddrinfo() stack overflow]
+CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow]
 	RESERVED
 	- eglibc 2.17-1 (unimportant; bug #742925)
-	[wheezy] - eglibc 2.13-38+deb7u5
+	[wheezy] - eglibc 2.13-38+deb7u6
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
+	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
+	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
+	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
+	NOTE: Fixed upstream in 2.14
 CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
 	- xen 4.4.0-1
 	[wheezy] - xen <not-affected> (Only affects 4.3+)




More information about the Secure-testing-commits mailing list