[Secure-testing-commits] r31247 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jan 10 13:01:03 UTC 2015


Author: carnil
Date: 2015-01-10 13:01:03 +0000 (Sat, 10 Jan 2015)
New Revision: 31247

Modified:
   data/CVE/list
Log:
Mark fixed versions for packages included in wheezy 7.8

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-10 12:55:38 UTC (rev 31246)
+++ data/CVE/list	2015-01-10 13:01:03 UTC (rev 31247)
@@ -1844,6 +1844,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e (v3.19-rc1)
 CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel ...)
 	- linux <unfixed>
+	[wheezy] - linux 3.2.65-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1)
 CVE-2014-9390 [arbitrary command execution vulnerability on case-insensitive file systems]
@@ -2978,7 +2979,7 @@
 CVE-2014-9050 (Heap-based buffer overflow in the cli_scanpe function in ...)
 	{DLA-95-1}
 	- clamav 0.98.5+dfsg-1 (bug #770985)
-	[wheezy] - clamav <no-dsa> (clamav is updated through stable-updates)
+	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11155
 	NOTE: Upstream commit: https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
 CVE-2014-9039 (wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x ...)
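Review bot: in the CVE-2014-9050 entry, replacing `[wheezy] - clamav <no-dsa> (clamav is updated through stable-updates)` with a bare version drops the only record in the entry of how the fix reached wheezy. The version `0.98.5+dfsg-0+deb7u1` is fine, but consider keeping the stable-updates remark as a `NOTE:` line so the entry still shows why there is no DSA for it.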
@@ -5838,6 +5839,7 @@
 	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 (v1.2.8-rc1)
 CVE-2014-8134 (The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux ...)
 	- linux <unfixed>
+	[wheezy] - linux 3.2.65-1
 	- linux-2.6 <removed>
 	NOTE: http://www.spinics.net/lists/kvm/msg111458.html
 CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation ...)
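Review bot: the CVE-2014-8134 entry now marks wheezy fixed in `3.2.65-1` while `- linux <unfixed>` stays, and the only NOTE is a kvm list post, so nothing in the entry identifies the change that 3.2.65-1 carries. Add a `NOTE:` with the upstream or 3.2.y commit so the fixed version can be verified against the source.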
@@ -6573,6 +6575,7 @@
 	NOTE: Upstream patch proposal: https://lkml.org/lkml/2014/11/12/584
 CVE-2014-7842 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 ...)
 	- linux 3.16.7-ckt2-1
+	[wheezy] - linux 3.2.65-1
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
@@ -12527,7 +12530,7 @@
 	[squeeze] - libxml-dt-perl <not-affected> (Vulnerable code introduced later)
 CVE-2014-6060 (The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 ...)
 	- dhcpcd5 6.0.5-2 (low; bug #770043)
-	[wheezy] - dhcpcd5 <no-dsa> (Minor issue)
+	[wheezy] - dhcpcd5 5.5.6-1+deb7u1
 	- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
 	NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
 CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and ...)
@@ -17280,12 +17283,12 @@
 CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to ...)
 	- mumble 1.2.6-1 (bug #748189)
 	[squeeze] - mumble <no-dsa> (Minor issue)
-	[wheezy] - mumble <no-dsa> (Minor issue)
+	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
 	NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
 CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x before ...)
 	- mumble 1.2.6-1 (bug #748189)
 	[squeeze] - mumble <no-dsa> (Minor issue)
-	[wheezy] - mumble <no-dsa> (Minor issue)
+	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
 	NOTE: http://mumble.info/security/Mumble-SA-2014-005.txt
 CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute ...)
 	- qemu 2.1+dfsg-1 (bug #739589)
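Review bot: CVE-2014-3756 and CVE-2014-3755 both receive `1.2.3-349-g315b5f5-2.2+deb7u2`, but they track separate advisories (Mumble-SA-2014-006 and Mumble-SA-2014-005), and CVE-2014-3755 is described as an issue in the Qt QSvg module as used by the client. Confirm that the changelog of that upload names both CVE ids before marking both entries fixed with the same version.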
@@ -18743,7 +18746,7 @@
 	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
 CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run ...)
 	- gnustep-base 1.24.6-1 (bug #745470)
-	[wheezy] - gnustep-base <no-dsa> (Minor issue)
+	[wheezy] - gnustep-base 1.22.1-4+deb7u1
 	[squeeze] - gnustep-base <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?41751
 CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict ...)
@@ -28486,7 +28489,7 @@
 CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...)
 	{DLA-95-1}
 	- clamav 0.98.5+dfsg-1
-	[wheezy] - clamav <no-dsa> (clamav is updated through stable-updates)
+	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11088
 CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Red Hat Conga
@@ -30562,7 +30565,7 @@
 CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
 	{DLA-71-1}
 	- apache2 2.4.10-2 (medium)
-	[wheezy] - apache2 <no-dsa> (Will be fixed in upcoming wheezy point release)
+	[wheezy] - apache2 2.2.22-13+deb7u4
 	NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
 CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
 	NOT-FOR-US: DrayTek Vigor 2700 router



