[Secure-testing-commits] r34422 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Fri May 22 09:58:57 UTC 2015


Author: hertzog
Date: 2015-05-22 09:58:57 +0000 (Fri, 22 May 2015)
New Revision: 34422

Modified:
   data/CVE/list
Log:
Triage icu CVE in squeeze and fix an incorrect description

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-22 09:53:50 UTC (rev 34421)
+++ data/CVE/list	2015-05-22 09:58:57 UTC (rev 34422)
@@ -4612,9 +4612,10 @@
 	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
 	NOTE: http://trac.imagemagick.org/changeset/17845
 	NOTE: http://trac.imagemagick.org/changeset/17846
-CVE-2015-XXXX [Incomplete fix for CVE-2014-9740]
+CVE-2015-XXXX [Incomplete fix for CVE-2014-7940]
 	- icu 52.1-8 (bug #780503)
 	[wheezy] - icu <not-affected> (Incomplete patch was never applied)
+	[squeeze] - icu <not-affected> (Incomplete patch was never applied)
 CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...)
 	{DSA-3215-1 DLA-189-1}
 	- libgd2 2.1.0-5
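Review bot: the new `[squeeze]` line under the corrected "Incomplete fix for CVE-2014-7940" entry only records that the incomplete patch was never applied, which says nothing about whether squeeze is exposed to the original CVE-2014-7940 issue. Consider adding a NOTE pointing to the CVE-2014-7940 entry for squeeze's actual status, so that this `<not-affected>` is not read as clearing the underlying flaw.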
@@ -6541,7 +6542,9 @@
 CVE-2014-XXXX [more to CVE-2014-6585]
 	[experimental] - icu 55.1-1
 	- icu <unfixed> (low; bug #778511)
+	[squeeze] - icu <not-affected> (All relevant changes already applied)
 	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37086
+	NOTE: icu_4.4.1-8+squeeze3 already has the full patch except for the changes in source/layout/ContextualSubstSubtables.cpp which are commented out anyway... and the remaining if test is probably only meaningful when the backtrackClassArray call is uncommented.
 CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: WordPress plugin image-metadata-cruncher
 CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
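Review bot: the `[squeeze]` line added to the "more to CVE-2014-6585" entry is marked `<not-affected>` with the reason "All relevant changes already applied", but the new NOTE admits the skipped ContextualSubstSubtables.cpp change is only "probably" irrelevant. If icu_4.4.1-8+squeeze3 already carries the patch, recording that version as the fixed version would describe the situation more accurately than `<not-affected>`. The status should also not rest on a guess: either confirm that the remaining `if` test has no effect while the backtrackClassArray call is commented out, or state in the NOTE that this was not verified. Splitting the NOTE over two or three NOTE lines would make it easier to read in the list.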
@@ -15661,6 +15664,7 @@
 	RESERVED
 	- icu 52.1-9 (bug #784773)
 	[wheezy] - icu <not-affected> (Vulnerable code not present)
+	[squeeze] - icu <not-affected> (Vulnerable code not present)
 	- chromium-browser 42.0.2311.135-1
 	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
 	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
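Review bot: the `[squeeze]` reason "Vulnerable code not present" repeats the `[wheezy]` line directly above it, here and in the identical addition in the next hunk, without saying what was checked in squeeze's icu source. A short NOTE naming the file or function that was looked for (bug #784773 is the only pointer visible) would let a later reader re-verify the triage instead of trusting that the wheezy conclusion carries over.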
@@ -15670,6 +15674,7 @@
 	RESERVED
 	- icu 52.1-9 (bug #784773)
 	[wheezy] - icu <not-affected> (Vulnerable code not present)
+	[squeeze] - icu <not-affected> (Vulnerable code not present)
 	- chromium-browser 42.0.2311.135-1
 	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
 	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)



