[Secure-testing-commits] r34992 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jun 17 20:53:14 UTC 2015
Author: jmm
Date: 2015-06-17 20:53:13 +0000 (Wed, 17 Jun 2015)
New Revision: 34992
Modified:
data/CVE/list
Log:
no-dsa: polkit, pcre, xorg-server
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-17 12:37:08 UTC (rev 34991)
+++ data/CVE/list 2015-06-17 20:53:13 UTC (rev 34992)
@@ -611,7 +611,10 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/6
NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
CVE-2015-4625 [cookie generator can wrap and two identical cookies could exist; DoS]
- - policykit-1 <unfixed>
+ - policykit-1 <unfixed> (low)
+ [jessie] - policykit-1 <no-dsa> (Minor issue)
+ [wheezy] - policykit-1 <no-dsa> (Minor issue)
+ [squeeze] - policykit-1 <no-dsa> (Minor issue)
NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90837
@@ -796,12 +799,18 @@
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
CVE-2015-XXXX [PCRE Library Stack Overflow Vulnerability]
- - pcre3 <unfixed>
+ - pcre3 <unfixed> (low)
+ [jessie] - pcre3 <no-dsa> (Minor issue)
+ [wheezy] - pcre3 <no-dsa> (Minor issue)
+ [squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/31/5
CVE-2015-XXXX [PCRE Call Stack Overflow Vulnerability]
- - pcre3 <unfixed>
+ - pcre3 <unfixed> (low)
+ [jessie] - pcre3 <no-dsa> (Minor issue)
+ [wheezy] - pcre3 <no-dsa> (Minor issue)
+ [squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/31/4
@@ -2764,7 +2773,7 @@
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
- TODO: check
+ NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3411
RESERVED
- php5 5.6.9+dfsg-1
@@ -3550,6 +3559,7 @@
CVE-2015-3164 [Unauthorised local client access in XWayland]
RESERVED
- xorg-server <unfixed> (bug #788410)
+ [jessie] - xorg-server <no-dsa> (Minor issue, can be fixed along in a future DSA)
[wheezy] - xorg-server <not-affected> (XWayland not present)
[squeeze] - xorg-server <not-affected> (XWayland not present)
NOTE: http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
More information about the Secure-testing-commits
mailing list