[Secure-testing-commits] r34304 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sat May 16 09:10:16 UTC 2015 

Author: sectracker
Date: 2015-05-16 09:10:16 +0000 (Sat, 16 May 2015)
New Revision: 34304

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-16 09:01:41 UTC (rev 34303)
+++ data/CVE/list	2015-05-16 09:10:16 UTC (rev 34304)
@@ -7007,6 +7007,7 @@
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2014-9655 [access of uninitialized memory]
 	RESERVED
+	{DLA-221-1}
 	- tiff 4.0.3-12.1 (bug #777390)
 	- tiff3 <removed>
 	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
@@ -11248,6 +11249,7 @@
 CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine ...)
 	NOT-FOR-US: ZOHO ManageEngine Desktop Central
 CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
+	{DLA-221-1}
 	- tiff 4.0.3-12 (bug #773987)
 	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
@@ -15480,6 +15482,7 @@
 	NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
 CVE-2014-8129 [out-of-bound read and write]
 	RESERVED
+	{DLA-221-1}
 	- tiff 4.0.3-12.1 (bug #776185)
 	- tiff3 <unfixed>
 	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
@@ -15488,6 +15491,7 @@
 	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
 CVE-2014-8128 [out-of-bounds write]
 	RESERVED
+	{DLA-221-1}
 	- tiff 4.0.3-12.3 (bug #776185)
 	- tiff3 <unfixed>
 	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
@@ -26585,6 +26589,7 @@
 	[wheezy] - libspring-java <no-dsa> (minor issue)
 	NOTE: Fixed in experimental with 3.2.12-1
 CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
+	{DLA-222-1}
 	- httpcomponents-client 4.3.5-1
 	[wheezy] - httpcomponents-client <no-dsa> (Minor issue, will be fixed through a stable proposed-update)
 	[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
@@ -56705,6 +56710,7 @@
 CVE-2012-6154
 	RESERVED
 CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
+	{DLA-222-1}
 	- commons-httpclient 3.1-10.2 (bug #692442)
 	NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
 CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
@@ -58004,6 +58010,7 @@
 	- axis 1.4-16.1 (low; bug #692650)
 	[squeeze] - axis <no-dsa> (Minor issue)
 CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
+	{DLA-222-1}
 	- commons-httpclient 3.1-10.1 (bug #692442)
 	[wheezy] - commons-httpclient <no-dsa> (Minor issue)
 	[squeeze] - commons-httpclient <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list