[Secure-testing-commits] r32534 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Fri Feb 27 20:47:45 UTC 2015
Author: benh
Date: 2015-02-27 20:47:44 +0000 (Fri, 27 Feb 2015)
New Revision: 32534
Modified:
data/CVE/list
Log:
Mark CVE-2012-6686 as rejected and merge information into CVE-2013-4357
See <https://marc.info/?l=oss-security&m=142477834307260&w=2>
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-27 19:29:18 UTC (rev 32533)
+++ data/CVE/list 2015-02-27 20:47:44 UTC (rev 32534)
@@ -4924,16 +4924,8 @@
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
-CVE-2012-6686 [unbound alloca use in glob_in_dir]
- RESERVED
- - glibc 2.17-1
- - eglibc <removed>
- [wheezy] - eglibc 2.13-38+deb7u6
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
- NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
- NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
- NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
- NOTE: Fixed upstream in 2.14
+CVE-2012-6686
+ REJECTED
CVE-2012-6685 [ruby-nokogiri XXE]
RESERVED
- ruby-nokogiri 1.5.4-1 (low)
@@ -38300,11 +38292,16 @@
[wheezy] - libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
-CVE-2013-4357 [getaddrinfo() stack overflow]
+CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow]
RESERVED
- eglibc 2.17-1 (unimportant; bug #742925)
- [wheezy] - eglibc 2.13-38+deb7u5
+ [wheezy] - eglibc 2.13-38+deb7u6
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
+ NOTE: Fixed upstream in 2.14
CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
- xen 4.4.0-1
[wheezy] - xen <not-affected> (Only affects 4.3+)
More information about the Secure-testing-commits
mailing list