[Secure-testing-commits] r34878 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 11 15:10:45 UTC 2015
Author: carnil
Date: 2015-06-11 15:10:45 +0000 (Thu, 11 Jun 2015)
New Revision: 34878
Modified:
data/CVE/list
Log:
CVEs assigned for libmspack
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-11 14:48:04 UTC (rev 34877)
+++ data/CVE/list 2015-06-11 15:10:45 UTC (rev 34878)
@@ -9402,18 +9402,18 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
REJECTED
-CVE-2015-XXXX [off-by-one buffer under-read in mspack/lzxd.c]
+CVE-2015-4471 [off-by-one buffer under-read in mspack/lzxd.c]
- libmspack 0.5-1 (bug #775499)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2014-XXXX [null pointer dereference on a crafted CAB]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+CVE-2014-9732 [null pointer dereference on a crafted CAB]
- libmspack 0.5-1 (bug #774665)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-XXXX [off-by-one buffer over-read in mspack/mszipd.c]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+CVE-2015-4470 [off-by-one buffer over-read in mspack/mszipd.c]
- libmspack 0.5-1 (bug #775498)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-XXXX [CHM decompression: another pointer arithmetic overflow]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+CVE-2015-4472 [CHM decompression: another pointer arithmetic overflow]
- libmspack 0.5-1 (bug #775687)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591
RESERVED
- kamailio 4.2.0-2 (bug #775681)
@@ -11457,12 +11457,15 @@
[wheezy] - cpio <no-dsa> (Minor issue)
[squeeze] - cpio <no-dsa> (Minor issue)
NOTE: Patch used in SUSE: https://bugzilla.suse.com/attachment.cgi?id=599460&action=diff
-CVE-2015-XXXX [CHM decompression: pointer arithmetic overflow]
+CVE-2015-4469 [CHM decompression: pointer arithmetic overflow -- fix-name-field-boundaries.patch; missing impot validation]
- libmspack 0.4-3 (bug #774726)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-XXXX [CHM decompression: division by zero]
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+CVE-2015-4468 [CHM decompression: pointer arithmetic overflow -- fix-pointer-arithmetic-overflow.patch]
+ - libmspack 0.4-3 (bug #774726)
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+CVE-2015-4467 [CHM decompression: division by zero]
- libmspack 0.4-3 (bug #774725)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-XXXX [directory traversal]
- arc <unfixed> (low; bug #774527)
[squeeze] - arc <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list