[Secure-testing-commits] r34589 - data/CVE

Sat May 30 06:19:06 UTC 2015

Author: jmm
Date: 2015-05-30 06:19:06 +0000 (Sat, 30 May 2015)
New Revision: 34589

Modified:
   data/CVE/list
Log:
filed bug for lighttpd
drop two sqlite entries, plain bugs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-05-30 06:18:05 UTC (rev 34588)
+++ data/CVE/list	2015-05-30 06:19:06 UTC (rev 34589)
@@ -211,6 +211,7 @@
 	RESERVED
 CVE-2015-XXXX [XSS in group administration]
 	- php-horde 5.2.5+debian0-1 (bug #785364)
+	[jessie] - php-horde <no-dsa> (Minor issue)
 	NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
 CVE-2015-4053
 	RESERVED
@@ -771,16 +772,6 @@
 	[jessie] - horizon <not-affected> (Vulnerable code not present)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
-CVE-2015-XXXX [heap overflow in the sql command parser]
-	- sqlite3 3.8.10-1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/12/7
-	NOTE: https://www.sqlite.org/cgi/src/info/e018f4bf1f27f783
-	NOTE: https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html
-CVE-2015-XXXX [heap overflow in the database file parser]
-	- sqlite3 3.8.10-1
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/12/7
-	NOTE: https://www.sqlite.org/cgi/src/info/f71053cf658b3260
-	NOTE: https://blog.fuzzing-project.org/10-Two-invalid-read-errors-heap-overflows-in-SQLite-TFPA-0062015.html
 CVE-2015-3886 [does not correctly check certificates for validity]
 	RESERVED
 	- libinfinity 0.6.6-1 (bug #783601)
@@ -2378,7 +2369,7 @@
 	NOT-FOR-US: thermostat
 CVE-2015-3200 [Log injection]
 	RESERVED
-	- lighttpd <unfixed>
+	- lighttpd <unfixed> (low; bug #787132)
 	[jessie] - lighttpd <no-dsa> (Minor issue)
 	[wheezy] - lighttpd <no-dsa> (Minor issue)
 	[squeeze] - lighttpd <no-dsa> (Minor issue)


