[Secure-testing-commits] r35267 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 1 19:36:36 UTC 2015
Author: jmm
Date: 2015-07-01 19:36:36 +0000 (Wed, 01 Jul 2015)
New Revision: 35267
Modified:
data/CVE/list
Log:
filed bug for openssh
mantis no-dsa
ruby no-dsa
drop hotword entry, no need to track as a security issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-01 18:46:06 UTC (rev 35266)
+++ data/CVE/list 2015-07-01 19:36:36 UTC (rev 35267)
@@ -5,7 +5,7 @@
[squeeze] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
CVE-2015-5352 [refusal deadline is not checked within the x11_open_helper function]
- - openssh <unfixed>
+ - openssh <unfixed> (bug #790798)
NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
CVE-2015-5147 [Stack overflow in redcarpet's header_anchor]
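Review bot: The openssh line for CVE-2015-5352 now carries bug #790798 but still has no per-suite status lines, unlike the ntp entry just above it with its "[squeeze] - ntp <no-dsa>" line. If the stable suites have already been triaged, add the matching "[suite] - openssh ..." lines here. Otherwise leave a TODO so the entry does not look finished once the bug reference is in place.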
@@ -810,6 +810,7 @@
CVE-2015-5059 [Information disclosure]
RESERVED
- mantis <removed>
+ [wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/f39cf525 (1.2.x)
NOTE: https://mantisbt.org/bugs/view.php?id=19873
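Review bot: The reason "(Minor issue)" on the added "[wheezy] - mantis <no-dsa>" line says nothing specific to CVE-2015-5059, which is described only as "[Information disclosure]" and is still RESERVED. A short reason stating what is disclosed, or why the exposure is limited, would let a later reader judge the no-dsa decision without opening the mantisbt bug linked in the NOTE.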
@@ -930,12 +931,6 @@
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-19.html
-CVE-2015-XXXX [chromium hotword nacl blob downloading]
- - chromium-browser 43.0.2357.124-1 (bug #786909)
- [jessie] - chromium-browser <no-dsa> (a non-issue for incredibly so many reasons, see my comments at https://lwn.net/Articles/648392)
- [wheezy] - chromium-browser <not-affected> (introduced in chromium 43)
- [squeeze] - chromium-browser <not-affected> (introduced in chromium 43)
- NOTE: I plan to fix it during the dsa for the next round of chromium issues
CVE-2015-XXXX [denial of service in glob_()]
- pure-ftpd <unfixed>
NOTE: https://github.com/jedisct1/pure-ftpd/commit/0627004e23a24108785dc1506c5767392b90f807
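Review bot: Dropping the whole chromium hotword entry also drops the only reference to bug #786909 and the fixed version 43.0.2357.124-1. The removed NOTE still announced a fix "during the dsa for the next round of chromium issues", while the log now says there is "no need to track as a security issue". Record that change of decision in bug #786909, or name the bug in the log message, so the reasoning stays findable once the entry is gone.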
@@ -2838,6 +2833,7 @@
- ruby1.8 <not-affected> (Vulnerable code not present)
- ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions)
- ruby2.1 <unfixed> (bug #790119)
+ [jessie] - ruby2.1 <no-dsa> (Minor issue, can be coupled with a future Ruby DSA)
- ruby2.2 <unfixed> (bug #790111)
- jruby 1.7.20.1-2
[jessie] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
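Review bot: The added "[jessie] - ruby2.1 <no-dsa>" line defers the fix to "a future Ruby DSA", and the log says only "ruby no-dsa" without naming the package or suite. The deferral is a follow-up that nothing in the entry schedules beyond the open bug #790119. Naming ruby2.1/jessie in the log would make the commit match the change.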
@@ -2846,7 +2842,6 @@
NOTE: https://github.com/rubygems/rubygems/commit/6bbee35
NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
- TODO: check
CVE-2015-3899
RESERVED
CVE-2015-3898
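Review bot: The removal of "TODO: check" after the rubygems NOTE lines is not mentioned in the log message, and the visible context does not show what was checked. Say in the log which packages were verified, so the cleared TODO can be distinguished from an accidental deletion.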