[Secure-testing-commits] r34760 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 6 11:03:36 UTC 2015
Author: carnil
Date: 2015-06-06 11:03:36 +0000 (Sat, 06 Jun 2015)
New Revision: 34760
Modified:
data/CVE/list
Log:
Add packages which got added in the point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-06 10:38:58 UTC (rev 34759)
+++ data/CVE/list 2015-06-06 11:03:36 UTC (rev 34760)
@@ -389,7 +389,7 @@
RESERVED
CVE-2015-XXXX [XSS in group administration]
- php-horde 5.2.5+debian0-1 (bug #785364)
- [jessie] - php-horde <no-dsa> (Minor issue)
+ [jessie] - php-horde 5.2.1+debian0-2+deb8u1
NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
CVE-2015-4053
RESERVED
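Review bot: The replacement line "[jessie] - php-horde 5.2.1+debian0-2+deb8u1", like every other jessie replacement in this commit, gives no way to tell which point release it came from, and the log message only says "the point release". Naming the release in the log would let a later reader check these versions against the announcement.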
@@ -404,7 +404,7 @@
CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL pointer]
RESERVED
- pgbouncer 1.5.5-1
- [jessie] - pgbouncer <no-dsa> (Minor issue)
+ [jessie] - pgbouncer 1.5.4-6+deb8u1
[wheezy] - pgbouncer <no-dsa> (Minor issue)
[squeeze] - pgbouncer <no-dsa> (Minor issue)
NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
@@ -990,7 +990,7 @@
CVE-2015-3886 [does not correctly check certificates for validity]
RESERVED
- libinfinity 0.6.6-1 (bug #783601)
- [jessie] - libinfinity <no-dsa> (Will be fixed through a point release update, cf. #786720)
+ [jessie] - libinfinity 0.6.6-1~deb8u1
[wheezy] - libinfinity <no-dsa> (Can be fixed thorugh a point release update)
[squeeze] - libinfinity <not-affected> (vulnerable code not present)
NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
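Review bot: The removed libinfinity line carried the only pointer to #786720, and the new "[jessie] - libinfinity 0.6.6-1~deb8u1" line drops it. If that bug is the point release request, consider keeping it as a NOTE so the history stays traceable. While touching this entry, the neighbouring wheezy line still reads "Can be fixed thorugh a point release update"; "thorugh" should be "through".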
@@ -1384,7 +1384,7 @@
[wheezy] - ufraw <no-dsa> (Minor issue)
[squeeze] - ufraw <no-dsa> (Minor issue)
- libraw 0.16.2-1 (bug #786788)
- [jessie] - libraw <no-dsa> (Minor issue)
+ [jessie] - libraw 0.16.0-9+deb8u1
[wheezy] - libraw <no-dsa> (Minor issue)
[squeeze] - libraw <no-dsa> (Minor issue)
- rawtherapee 4.2-2
@@ -1399,7 +1399,7 @@
[wheezy] - xbmc <no-dsa> (Minor issue)
- kodi <itp> (bug #767180)
- exactimage 0.9.1-5 (bug #786785)
- [jessie] - exactimage <no-dsa> (Minor issue)
+ [jessie] - exactimage 0.8.9-7+deb8u1
[wheezy] - exactimage <no-dsa> (Minor issue)
[squeeze] - exactimage <no-dsa> (Minor issue)
- freeimage <unfixed> (bug #786790)
@@ -1414,7 +1414,7 @@
CVE-2015-3880 [open redirect]
RESERVED
- phpbb3 3.0.14-1
- [jessie] - phpbb3 <no-dsa> (Minor issue)
+ [jessie] - phpbb3 3.0.12-5+deb8u1
[wheezy] - phpbb3 <no-dsa> (Minor issue)
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
@@ -1424,13 +1424,13 @@
- pdf2djvu 0.7.21-1 (bug #784889)
[squeeze] - pdf2djvu <no-dsa> (Minor issue)
[wheezy] - pdf2djvu <no-dsa> (Minor issue)
- [jessie] - pdf2djvu <no-dsa> (Minor issue)
+ [jessie] - pdf2djvu 0.7.17-4+deb8u1
NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
- didjvu 0.4-1 (bug #784888)
[wheezy] - didjvu <no-dsa> (Minor issue)
- [jessie] - didjvu <no-dsa> (Minor issue)
+ [jessie] - didjvu 0.2.8-1+deb8u1
NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-4146 [EAP-pwd missing payload length validation]
@@ -1495,25 +1495,25 @@
- semi 1.14.7~0.20120428-17 (bug #784712)
[squeeze] - semi <no-dsa> (Minor issue)
[wheezy] - semi <no-dsa> (Minor issue)
- [jessie] - semi <no-dsa> (Minor issue)
+ [jessie] - semi 1.14.7~0.20120428-14+deb8u1
NOTE: http://thread.gmane.org/gmane.mail.wanderlust.general.japanese/9819
NOTE: Fixed in https://github.com/wanderlust/semi/commit/9976269556c5bcc021e4edf1b0e1accd39929528
CVE-2015-XXXX [incorrect substring matching when assigning pgp keys]
- semi 1.14.7~0.20120428-17 (bug #784712)
[squeeze] - semi <no-dsa> (Minor issue)
[wheezy] - semi <no-dsa> (Minor issue)
- [jessie] - semi <no-dsa> (Minor issue)
+ [jessie] - semi 1.14.7~0.20120428-14+deb8u1
NOTE: https://github.com/wanderlust/semi/issues/9
NOTE: https://github.com/wanderlust/semi/commit/5c8466321d281d72850c298b9ebcd466b4b0160c
NOTE: https://github.com/wanderlust/semi/commit/da44c8e0ea6baf5dac2b8debf86f720a541f31a5
- mew 1:6.6-3
[squeeze] - mew <no-dsa> (Minor issue)
[wheezy] - mew <no-dsa> (Minor issue)
- [jessie] - mew <no-dsa> (Minor issue)
+ [jessie] - mew 1:6.6-2+deb8u1
- mew-beta 7.0.50~6.6+0.20150508-1
[squeeze] - mew-beta <no-dsa> (Minor issue)
[wheezy] - mew-beta <no-dsa> (Minor issue)
- [jessie] - mew-beta <no-dsa> (Minor issue)
+ [jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
CVE-2015-3429 [DOM XSS Vulnerability in Twenty Fifteen WordPress Theme]
RESERVED
- wordpress 4.2.2+dfsg-1 (bug #784603)
@@ -1922,7 +1922,7 @@
- clamav 0.98.7+dfsg-1
[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/3
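Review bot: After this change the wheezy line is the only one in this clamav entry still marked "<no-dsa> (Clamav is only updated through -updates)", while squeeze has 0.98.7+dfsg-0+deb6u1 and jessie now has 0.98.7+dfsg-0+deb8u1. Please check whether a wheezy version is available too, so the entry does not keep reporting wheezy as open. The same applies to the other clamav entries changed in this commit.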
@@ -1930,7 +1930,7 @@
- clamav 0.98.7+dfsg-1
[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
@@ -1961,6 +1961,7 @@
CVE-2015-3636
RESERVED
- linux 4.0.2-1
+ [jessie] - linux 3.16.7-ckt11-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
NOTE: https://lkml.org/lkml/2011/5/13/382
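Review bot: The added line "[jessie] - linux 3.16.7-ckt11-1" differs from every other change in this commit in two ways. It introduces a jessie entry instead of replacing a "<no-dsa>" one, and its version has no +deb8u suffix. Please confirm that this is the version shipped in the point release, and say in the log that CVE-2015-3636 had no jessie status before, since "Add packages which got added in the point release" does not cover that case.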
@@ -2420,7 +2421,7 @@
RESERVED
[experimental] - gnutls28 3.3.14-1
- gnutls28 3.3.8-7 (bug #782776)
- [jessie] - gnutls28 <no-dsa> (Minor issue)
+ [jessie] - gnutls28 3.3.8-6+deb8u1
- gnutls26 <not-affected> (Introduced in 3.3.0)
NOTE: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
NOTE: https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
@@ -3629,7 +3630,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
- caja 1.8.2-4 (bug #781608)
- [jessie] - caja <no-dsa> (Minor issue)
+ [jessie] - caja 1.8.2-3+deb8u1
NOTE: https://github.com/mate-desktop/caja/issues/398
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 ...)
@@ -4203,7 +4204,7 @@
{DLA-233-1}
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...)
- gns3 <not-affected> ((Windows specific)
CVE-2015-2665
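Review bot: The context line "- gns3 <not-affected> ((Windows specific)" directly below the changed clamav entry has a doubled opening parenthesis and only one closing one. It is not part of this change, but it is worth correcting to "(Windows specific)" in a follow-up so the note stays consistent with the other entries.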
@@ -5447,13 +5448,13 @@
{DLA-233-1}
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
{DLA-233-1}
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/0844d0cfe118b4041ed8e2ee49ff18bfbca8eaa5
NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
@@ -5606,7 +5607,7 @@
{DLA-233-1}
- clamav 0.98.7+dfsg-1
[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
- [jessie] - clamav <no-dsa> (Clamav is only updated through -updates)
+ [jessie] - clamav 0.98.7+dfsg-0+deb8u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
CVE-2015-2169
RESERVED
@@ -6396,26 +6397,26 @@
CVE-2015-1860 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
- [jessie] - qt4-x11 <no-dsa> (Minor issue)
+ [jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
- [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1859 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
- [jessie] - qt4-x11 <no-dsa> (Minor issue)
+ [jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
- [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1858 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and ...)
{DLA-210-1}
- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
- [jessie] - qt4-x11 <no-dsa> (Minor issue)
+ [jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
- [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1857
RESERVED
@@ -8170,7 +8171,7 @@
CVE-2015-1326 [arbitrary code execution or file overwrite when templates are loaded from /tmp]
RESERVED
- python-dbusmock 0.15.1-1 (bug #786858)
- [jessie] - python-dbusmock <no-dsa> (Minor issue)
+ [jessie] - python-dbusmock 0.11.4-1+deb8u1
NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815
CVE-2015-1325
RESERVED
@@ -13275,7 +13276,7 @@
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
[experimental] - qtbase-opensource-src 5.4.1+dfsg-2
- qtbase-opensource-src 5.3.2+dfsg-5 (bug #779580)
- [jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
NOTE: http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
CVE-2015-0294 [certificate algorithm consistency checking issue]
RESERVED