[Secure-testing-commits] r34304 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat May 16 09:10:16 UTC 2015
Author: sectracker
Date: 2015-05-16 09:10:16 +0000 (Sat, 16 May 2015)
New Revision: 34304
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-16 09:01:41 UTC (rev 34303)
+++ data/CVE/list 2015-05-16 09:10:16 UTC (rev 34304)
@@ -7007,6 +7007,7 @@
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2014-9655 [access of uninitialized memory]
RESERVED
+ {DLA-221-1}
- tiff 4.0.3-12.1 (bug #777390)
- tiff3 <removed>
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
@@ -11248,6 +11249,7 @@
CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine ...)
NOT-FOR-US: ZOHO ManageEngine Desktop Central
CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
+ {DLA-221-1}
- tiff 4.0.3-12 (bug #773987)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
@@ -15480,6 +15482,7 @@
NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
CVE-2014-8129 [out-of-bound read and write]
RESERVED
+ {DLA-221-1}
- tiff 4.0.3-12.1 (bug #776185)
- tiff3 <unfixed>
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
@@ -15488,6 +15491,7 @@
NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8128 [out-of-bounds write]
RESERVED
+ {DLA-221-1}
- tiff 4.0.3-12.3 (bug #776185)
- tiff3 <unfixed>
NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
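Review bot: The added {DLA-221-1} for CVE-2014-8128 sits directly above `- tiff3 <unfixed>`, and the NOTE in this hunk's leading context says most of these bugs are in the library rather than in the TIFF tools. The tag alone does not show which source package the advisory covers, so a reader could take the issue as handled for tiff3 as well. Suggest a NOTE or a release-specific line stating what DLA-221-1 fixed. The same applies to CVE-2014-8129 in the previous hunk, which is also left at `- tiff3 <unfixed>`.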
@@ -26585,6 +26589,7 @@
[wheezy] - libspring-java <no-dsa> (minor issue)
NOTE: Fixed in experimental with 3.2.12-1
CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
+ {DLA-222-1}
- httpcomponents-client 4.3.5-1
[wheezy] - httpcomponents-client <no-dsa> (Minor issue, will be fixed through a stable proposed-update)
[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
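Review bot: The {DLA-222-1} tag lands on CVE-2014-3577, whose only package lines are for httpcomponents-client, and its squeeze line still reads `[squeeze] - httpcomponents-client <no-dsa> (Minor issue)`. The other two entries tagged {DLA-222-1} in this commit track commons-httpclient, so this entry does not show which source package the advisory fixed. Suggest adding a package line for the source package the DLA covers, or updating the [squeeze] line if httpcomponents-client is the package that was fixed.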
@@ -56705,6 +56710,7 @@
CVE-2012-6154
RESERVED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
+ {DLA-222-1}
- commons-httpclient 3.1-10.2 (bug #692442)
NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
@@ -58004,6 +58010,7 @@
- axis 1.4-16.1 (low; bug #692650)
[squeeze] - axis <no-dsa> (Minor issue)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
+ {DLA-222-1}
- commons-httpclient 3.1-10.1 (bug #692442)
[wheezy] - commons-httpclient <no-dsa> (Minor issue)
[squeeze] - commons-httpclient <no-dsa> (Minor issue)
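Review bot: With this change CVE-2012-5783 carries {DLA-222-1} while the trailing context keeps `[squeeze] - commons-httpclient <no-dsa> (Minor issue)`, so the entry states both that an advisory exists and that none is planned for squeeze. If DLA-222-1 fixed commons-httpclient in squeeze, that [squeeze] line should be dropped or updated in a follow-up commit, since this automatic update only adds the cross-reference.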