[Secure-testing-commits] r32900 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Mar 15 21:10:15 UTC 2015 

Author: sectracker
Date: 2015-03-15 21:10:15 +0000 (Sun, 15 Mar 2015)
New Revision: 32900

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-15 21:04:13 UTC (rev 32899)
+++ data/CVE/list	2015-03-15 21:10:15 UTC (rev 32900)
@@ -565,6 +565,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
 CVE-2015-2157 [PuTTY fails to clear private key information from memory]
 	RESERVED
+	{DSA-3190-1 DLA-173-1}
 	- putty 0.63-10 (bug #779488)
 	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
 CVE-2015-2100
@@ -2029,6 +2030,7 @@
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/04/10
 CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
 	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=151
@@ -2038,22 +2040,27 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
 CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
 CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
 CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
 CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
 CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
@@ -2064,10 +2071,12 @@
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
 CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
@@ -2079,11 +2088,13 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
 CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
 CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
@@ -2094,11 +2105,13 @@
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
 CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
 CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
@@ -2110,14 +2123,17 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
 	NOTE: CVE due to incomplete fix for CVE-2014-2240
 CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
 CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
 CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType ...)
+	{DSA-3188-1}
 	- freetype 2.5.2-3 (bug #777656)
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
@@ -3586,6 +3602,7 @@
 CVE-2014-9605
 	RESERVED
 CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
+	{DSA-3189-1}
 	- ffmpeg 7:2.5.1-1
 	[squeeze] - ffmpeg <end-of-life>
 	- libav 6:11.3-1 (bug #775593)
@@ -9335,6 +9352,7 @@
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
+	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:11.2-1 (bug #773626)
@@ -9342,6 +9360,7 @@
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
 	NOTE: Pending for 0.8.17
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
+	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:11.2-1 (bug #773626)
@@ -9359,6 +9378,7 @@
 	- libav <not-affected> (Vulnerable code not present)
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
+	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:11.3-1 (bug #773626)
@@ -9366,6 +9386,7 @@
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
 	NOTE: Pending for 0.8.17
 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
+	{DSA-3189-1}
 	- ffmpeg 7:2.4.3-1
 	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
 	- libav 6:11.2-1 (bug #773626)
@@ -11134,6 +11155,7 @@
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function in ...)
+	{DSA-3189-1}
 	- chromium-browser 40.0.2214.91-1
 	[wheezy] - chromium-browser <end-of-life>
 	[squeeze] - chromium-browser <end-of-life>

More information about the Secure-testing-commits mailing list