[Secure-testing-commits] r31304 - in data: CVE DSA

Thijs Kinkhorst thijs at moszumanska.debian.org
Tue Jan 13 18:52:36 UTC 2015


Author: thijs
Date: 2015-01-13 18:52:36 +0000 (Tue, 13 Jan 2015)
New Revision: 31304

Modified:
   data/CVE/list
   data/DSA/list
Log:
binutils-mingw-w64 also affected by binutils issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-13 18:36:42 UTC (rev 31303)
+++ data/CVE/list	2015-01-13 18:52:36 UTC (rev 31304)
@@ -4578,11 +4578,13 @@
 	RESERVED
 	{DSA-3123-1}
 	- binutils 2.24.90.20141124-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
 	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
 CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141124-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
 	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...)
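Review bot: Both entries changed in this hunk keep `{DSA-3123-1}` as their only advisory cross-reference, although this same revision adds DSA-3123-2 to data/DSA/list for these issues. If the brace lines are maintained by hand rather than regenerated from data/DSA/list, extend them to `{DSA-3123-1 DSA-3123-2}` here and in the other entries touched by this commit, so the new package line is tied to the advisory that fixes it.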
@@ -4894,6 +4896,7 @@
 CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141104-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
 	NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
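Review bot: The added `- binutils-mingw-w64 <unfixed>` line under CVE-2014-8504 carries no bug reference, so nothing on the entry records where the fix for the unstable package is being followed. Consider filing a bug against binutils-mingw-w64 and appending it as `(bug #NNNNNN)` (placeholder number) on this line and on the matching lines in the other hunks.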
@@ -4902,17 +4905,20 @@
 CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141104-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
 CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141104-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141104-1
+	- binutils-mingw-w64 <unfixed>
 	- gdb <unfixed> (unimportant)
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...)
@@ -5065,12 +5071,14 @@
 CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
 	{DSA-3123-1}
 	- binutils 2.24.90.20141104-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
 CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
 	{DSA-3123-1}
 	- binutils 2.24.51.20140903-1
+	- binutils-mingw-w64 <unfixed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
 	NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
 	NOTE: http://openwall.com/lists/oss-security/2014/10/23/5
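Review bot: CVE-2014-8485 is described as a flaw in `setup_group` in bfd/elf.c, and the new line marks binutils-mingw-w64 as affected without saying why an ELF code path matters for this package. A short NOTE on the entry stating how binutils-mingw-w64 carries the affected libbfd code would document the triage; the log message only says the package is "also affected".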

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2015-01-13 18:36:42 UTC (rev 31303)
+++ data/DSA/list	2015-01-13 18:52:36 UTC (rev 31304)
@@ -1,3 +1,6 @@
+[13 Jan 2015] DSA-3123-2 binutils-mingw-w64 - security update
+	{CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 CVE-2014-8738}
+	[wheezy] - binutils-mingw-w64 2+deb7u1
 [12 Jan 2015] DSA-3126-1 php5 - security update
 	[wheezy] - php5 5.4.36-0+deb7u3
 [11 Jan 2015] DSA-3125-1 openssl - security update
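Review bot: The CVE set on the DSA-3123-2 line includes CVE-2014-8738, but none of the data/CVE/list hunks shows a CVE-2014-8738 header: the first entry changed in the `@@ -4578,11 +4578,13 @@` hunk begins at `RESERVED`, with its CVE id above the diff context. Confirm that entry is CVE-2014-8738, so that the eight ids listed here match the eight entries that gained a binutils-mingw-w64 line.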



