[Secure-testing-commits] r31430 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Jan 17 15:22:37 UTC 2015
Author: jmm
Date: 2015-01-17 15:22:37 +0000 (Sat, 17 Jan 2015)
New Revision: 31430
Modified:
data/CVE/list
Log:
no-dsa: mutt, jar, httpcomponents-client
record upstream fix for glibc issue
record glibc bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-17 15:22:19 UTC (rev 31429)
+++ data/CVE/list 2015-01-17 15:22:37 UTC (rev 31430)
@@ -62,6 +62,7 @@
RESERVED
CVE-2015-1039
RESERVED
+ NOT-FOR-US: zfcUser
CVE-2015-1037
RESERVED
CVE-2015-1036
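Review bot: The NOT-FOR-US: zfcUser line added under CVE-2015-1039 has no supporting reference, and the entry is still RESERVED with no description, so a later reader cannot tell where the product attribution came from. Consider adding a NOTE with the source of the assignment. The log message also does not mention this triage.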
@@ -487,10 +488,12 @@
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [smime_keys: insecure use of /tmp]
- - mutt <unfixed> (bug #775199)
+ - mutt <unfixed> (low; bug #775199)
+ [jessie] - mutt <no-dsa> (Minor issue)
[wheezy] - mutt <no-dsa> (Minor issue)
CVE-2015-XXXX [djvudigital: insecure use of /tmp]
- djvulibre <unfixed> (bug #775193)
+ [jessie] - djvulibre <no-dsa> (Minor issue)
[wheezy] - djvulibre <no-dsa> (Minor issue)
CVE-2015-XXXX [mktexlsr: insecure use of /tmp]
- texlive-bin 2014.20140926.35254-5 (bug #775139)
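Review bot: The mutt line gains an urgency of low, but the djvulibre entry just below it is left without one, although it is the same class of issue (insecure use of /tmp) and receives the same <no-dsa> (Minor issue) tags. Either mark djvulibre low as well or note why the two differ. The log message lists mutt but not djvulibre.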
@@ -1391,11 +1394,11 @@
[wheezy] - ha <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/16/3
CVE-2015-XXXX [jar: directory traversal]
- - openjdk-8 <undetermined>
+ - openjdk-8 <unfixed>
- openjdk-7 <unfixed> (bug #774953)
+ [jessie] - openjdk-7 <no-dsa> (Can be fixed when/if fixed in an Oracle CPU update)
[wheezy] - openjdk-7 <no-dsa> (Can be fixed when/if fixed in an Oracle CPU update)
- - openjdk-6 <undetermined>
- TODO: check
+ - openjdk-6 <unfixed>
NOTE: Reported to Oracle, no reply so far
NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
CVE-2015-XXXX [Null Pointer Deference in ereg(regex)]
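Review bot: openjdk-8 and openjdk-6 move from <undetermined> to <unfixed> and the TODO: check line is dropped, but nothing records how the affected status was confirmed, and neither line carries a bug reference the way openjdk-7 does (bug #774953). Adding the bug numbers, or a NOTE stating the basis for the check, would keep the entry auditable. openjdk-6 also gets no release-tagged <no-dsa> lines, although the log describes this entry as no-dsa.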
@@ -2492,7 +2495,7 @@
CVE-2014-9402 [endless loop in getaddr_r]
RESERVED
{DLA-122-1}
- - glibc <unfixed>
+ - glibc <unfixed> (bug #775572)
- eglibc <removed>
[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
@@ -7369,7 +7372,7 @@
- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not ...)
{DLA-97-1}
- - glibc <unfixed>
+ - glibc <unfixed> (bug #775572)
[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
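Review bot: bug #775572 is attached here to CVE-2014-7817 and, in the previous hunk, to CVE-2014-9402. If that bug report is meant to track both glibc issues this is fine, but it is worth confirming that it names both CVE ids, so that closing it for one fix does not leave the other marked as resolved by accident.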
@@ -17421,6 +17424,8 @@
NOTE: Fixed in experimental with 3.2.12-1
CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
- httpcomponents-client 4.3.5-1
+ [wheezy] - httpcomponents-client <no-dsa> (Minor issue)
+ [squeeze] - httpcomponents-client <no-dsa> (Minor issue)
CVE-2014-3576
RESERVED
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and ...)
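Review bot: The <no-dsa> reason given for wheezy and squeeze is the generic (Minor issue), while the affected class is org.apache.http.conn.ssl.AbstractVerifier, part of the SSL connection code. A more specific reason stating why this is considered minor for those releases would help whoever revisits the decision.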
@@ -55289,9 +55294,8 @@
- glibc <unfixed> (low; bug #681888)
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
- NOTE: https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
- NOTE: https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
+ NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
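Review bot: Besides adding the upstream fix, this hunk removes the two bugzilla.redhat.com attachment.cgi diff links, which the log message does not mention. If the upstream commit supersedes those patches, say so in the log; otherwise consider keeping them, since squeeze and wheezy stay <no-dsa> and the standalone patches may still be useful for a later backport.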