[Secure-testing-commits] r35560 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat Jul 18 21:10:24 UTC 2015


Author: sectracker
Date: 2015-07-18 21:10:24 +0000 (Sat, 18 Jul 2015)
New Revision: 35560

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-18 19:12:23 UTC (rev 35559)
+++ data/CVE/list	2015-07-18 21:10:24 UTC (rev 35560)
@@ -3110,13 +3110,13 @@
 	NOTE: inflatehd not installed into the Debian binary packages
 CVE-2015-5523 [small file can lead to a 4 Gb allocation; potential DoS]
 	RESERVED
-	{DLA-273-1}
+	{DSA-3309-1 DLA-273-1}
 	- tidy <unfixed> (bug #792571)
 	NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
 CVE-2015-5522 [AddressSanitizer: heap-buffer-overflow WRITE of size 1]
 	RESERVED
-	{DLA-273-1}
+	{DSA-3309-1 DLA-273-1}
 	- tidy <unfixed> (bug #792571)
 	NOTE: https://github.com/htacg/tidy-html5/issues/217
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
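Review bot: Both tidy entries (CVE-2015-5523 and CVE-2015-5522) now reference {DSA-3309-1 DLA-273-1}, yet the package line in each still reads `- tidy <unfixed> (bug #792571)` and the state is still RESERVED. If a fixed tidy version has been uploaded, record it in place of `<unfixed>`. If not, the entries are consistent and bug #792571 remains the open item. A NOTE naming the upstream fix would also help, since the two NOTE lines only link the issue report and the oss-security post.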
@@ -5788,6 +5788,7 @@
 	RESERVED
 CVE-2015-3253
 	RESERVED
+	{DLA-274-1}
 	- groovy <unfixed>
 	- groovy2 <unfixed>
 	TODO: check, affected should be all versions ranging from 1.7.0 to 2.4.3.
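Review bot: CVE-2015-3253 gains {DLA-274-1} while the entry still ends in `TODO: check, affected should be all versions ranging from 1.7.0 to 2.4.3.` and both `groovy` and `groovy2` are `<unfixed>`. With an advisory now attached, the affected range should be confirmed and the TODO turned into a NOTE. The entry also has no bracketed description, unlike the CVE-2015-5523 and CVE-2014-8873 entries, so a reader cannot tell from the list what the issue is.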
@@ -17976,6 +17977,7 @@
 	NOT-FOR-US: TYPO3 Extension ke_questionnaire
 CVE-2014-8873 [MIME type registration for JAR files in the Debian OpenJDK packages enable user-initiated remote code execution]
 	RESERVED
+	{DSA-3235-1}
 	- openjdk-8 8u45-b14-1 (high)
 	- openjdk-7 7u79-2.5.5-1 (high)
 	- openjdk-6 <removed> (high)
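Review bot: The added `{DSA-3235-1}` line sits above three source packages, one of which is `- openjdk-6 <removed> (high)`. The cross-reference alone does not say which of the three packages the advisory covers, so it is worth checking that the DSA data lists every openjdk source package this entry marks as affected, and adding a NOTE if one of them is handled separately.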
@@ -24157,6 +24159,7 @@
 	- elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
 CVE-2014-6438
 	RESERVED
+	{DLA-275-1}
 	- ruby1.9.1 1.9.3.0-1
 	- ruby1.8 <not-affected> (Vulnerable code not present)
 	NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
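Review bot: CVE-2014-6438 now references {DLA-275-1} but has no bracketed description, and its only NOTE links the ruby 1.9.2-p330 release announcement while the fixed version recorded is `ruby1.9.1 1.9.3.0-1`. Add a short description and a NOTE that identifies the upstream change, so the fixed version given here can be checked against it.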



