[Secure-testing-commits] r31470 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Jan 17 23:33:51 UTC 2015
Author: jmm
Date: 2015-01-17 23:33:51 +0000 (Sat, 17 Jan 2015)
New Revision: 31470
Modified:
data/CVE/list
Log:
drop all other workarounds for kfreebsd and eglibc
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-17 23:25:21 UTC (rev 31469)
+++ data/CVE/list 2015-01-17 23:33:51 UTC (rev 31470)
@@ -5631,8 +5631,6 @@
- kfreebsd-10 10.1~svn274115-1 (bug #768108)
- kfreebsd-9 <removed> (bug #768104)
- kfreebsd-8 <removed> (bug #768106)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
@@ -7394,7 +7392,6 @@
CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not ...)
{DLA-97-1}
- glibc <unfixed> (bug #775572)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
NOTE: https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
@@ -12618,7 +12615,6 @@
{DLA-97-1}
- glibc 2.19-12
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
@@ -13126,7 +13122,6 @@
{DLA-97-1}
- glibc 2.17-1
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
@@ -14503,7 +14498,6 @@
CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in ...)
{DSA-3012-1 DLA-43-1}
- glibc 2.19-10 (medium)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- eglibc <removed> (medium)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
@@ -16233,7 +16227,6 @@
CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
- eglibc <removed>
- glibc 2.19-2 (low; bug #751774)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
@@ -16394,8 +16387,6 @@
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-9 <removed> (bug #754237)
- kfreebsd-10 10.1~svn272463-1
CVE-2014-3952 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
@@ -16403,8 +16394,6 @@
- kfreebsd-8 <removed>
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-9 <removed> (bug #754236)
- kfreebsd-10 10.1~svn272463-1
CVE-2014-3951 (The HZ module in the iconv implementation in FreeBSD 10.0 before p6 ...)
@@ -16577,8 +16566,6 @@
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (Will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-9 <removed>
- kfreebsd-10 10.0-6
CVE-2014-3879
@@ -16606,8 +16593,6 @@
CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before ...)
- kfreebsd-8 <removed>
- kfreebsd-9 <removed> (bug #750493)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
@@ -16963,7 +16948,6 @@
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
{DSA-3070-1}
- kfreebsd-9 <removed> (bug #766275)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-10 10.1~svn273874-1 (bug #766278)
CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the ...)
{DSA-3074-1 DSA-3072-1 DLA-94-1 DLA-86-1}
@@ -19190,8 +19174,6 @@
- kfreebsd-10 10.0-5 (bug #746949)
- kfreebsd-9 <removed> (bug #746951)
- kfreebsd-8 <removed> (bug #746952)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2999
@@ -23866,8 +23848,6 @@
CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...)
{DSA-2952-1}
- kfreebsd-8 <removed>
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 <removed> (bug #743984)
@@ -25838,7 +25818,6 @@
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...)
{DSA-2976-1 DLA-43-1}
- glibc 2.19-6
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- eglibc <removed>
CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
{DSA-2934-1}
@@ -31285,8 +31264,6 @@
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722337)
- kfreebsd-8 <removed>
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
@@ -31339,8 +31316,6 @@
CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in ...)
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722338)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-8 <removed>
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
@@ -31382,7 +31357,6 @@
NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
- kfreebsd-9 9.2~svn255465-1 (bug #722336)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-9 <not-affected> (Only affects 9.2.x)
CVE-2013-5665
RESERVED
@@ -32555,8 +32529,6 @@
- kfreebsd-8 <removed> (bug #720476)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-9 9.2~svn254368-2 (bug #720475)
- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the ...)
@@ -33354,8 +33326,6 @@
{DSA-2743-1}
- kfreebsd-9 9.1-4 (bug #717958)
- kfreebsd-8 8.3-7 (bug #717959)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
CVE-2013-4850
@@ -33487,7 +33457,6 @@
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...)
- glibc 2.17-94 (low; bug #717178)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries)
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
@@ -34517,7 +34486,6 @@
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <removed>
- glibc 2.18-1 (low; bug #727181)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
@@ -34966,7 +34934,6 @@
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
- glibc 2.17-93 (bug #722536)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
@@ -35303,7 +35270,6 @@
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
- eglibc <removed>
- glibc 2.17-94 (bug #719558)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
@@ -37678,8 +37644,6 @@
{DSA-2672-1}
- kfreebsd-9 9.0-11 (bug #706414)
- kfreebsd-8 <removed> (bug #706418)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[wheezy] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
[squeeze] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
@@ -38109,8 +38073,6 @@
- kfreebsd-8 <removed> (bug #720470)
[wheezy] - kfreebsd-8 8.3-6+deb7u1
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-9 9.2~svn254368-2 (bug #720468)
- kfreebsd-10 10.0~svn254663-1 (bug #720471)
CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...)
@@ -40479,7 +40441,6 @@
[wheezy] - tpp <no-dsa> (Minor issue)
CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not ...)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- glibc <unfixed> (low; bug #717544)
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -40606,7 +40567,6 @@
{DSA-2714-1}
- kfreebsd-9 9.0-12 (bug #712664)
- kfreebsd-8 <not-affected> (Only affects 9.x)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
CVE-2013-2170
REJECTED
CVE-2013-2169
@@ -41486,7 +41446,6 @@
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <removed>
- glibc 2.17-2 (low; bug #704623)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
@@ -46722,7 +46681,6 @@
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
- eglibc <removed>
- glibc 2.17-2 (low; bug #699399)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q1/202
@@ -49900,8 +49858,6 @@
RESERVED
- kfreebsd-8 <removed> (low; bug #690986)
- kfreebsd-9 <removed> (low)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
@@ -49912,8 +49868,6 @@
CVE-2012-5363
RESERVED
- kfreebsd-8 <removed> (low; bug #690986)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
@@ -52656,7 +52610,6 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- glibc 2.17-94 (low; bug #689423)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -52702,7 +52655,6 @@
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
- eglibc <removed>
- glibc 2.17-94 (low; bug #687530)
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
[wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
@@ -55321,7 +55273,6 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- glibc <unfixed> (low; bug #681888)
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -55331,7 +55282,6 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
- eglibc <removed>
- [jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- glibc 2.13-35 (low; bug #681473)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -71947,8 +71897,6 @@
CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
- kfreebsd-7 <removed> (low)
- kfreebsd-8 <removed> (low)
- [jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- [jessie] - kfreebsd-8 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
- kfreebsd-9 <removed> (low; bug #684072)
More information about the Secure-testing-commits
mailing list