[Secure-testing-commits] r37053 - data/CVE

Christoph Berg myon at moszumanska.debian.org
Thu Oct 8 20:54:34 UTC 2015


Author: myon
Date: 2015-10-08 20:54:33 +0000 (Thu, 08 Oct 2015)
New Revision: 37053

Modified:
   data/CVE/list
Log:
Update list of affected packages for CVE-2015-5288 and CVE-2015-5289 (PostgreSQL)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-08 19:16:12 UTC (rev 37052)
+++ data/CVE/list	2015-10-08 20:54:33 UTC (rev 37053)
@@ -5878,20 +5878,18 @@
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
 CVE-2015-5290
 	RESERVED
-CVE-2015-5289
+CVE-2015-5289 (stack overflows in json parsing)
 	RESERVED
 	- postgresql-9.4 9.4.5-1
-	- postgresql-9.1 <removed>
-	- postgresql-8.4 <removed>
-	[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
-	TODO: check affected versions
-CVE-2015-5288
+	- postgresql-9.1 <not-affected> (no json datatype)
+	- postgresql-8.4 <not-affected> (no json datatype)
+CVE-2015-5288 (vulnerable to too-short crypt() salts)
 	RESERVED
 	- postgresql-9.4 9.4.5-1
-	- postgresql-9.1 <removed>
-	- postgresql-8.4 <removed>
+	[jessie] - postgresql-9.1 <no-dsa> (postgresql-9.1 in jessie only provides PL/Perl)
+	[wheezy] - postgresql-9.1 <no-dsa> (minor issue)
 	[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
-	TODO: check affected versions
+	[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
 CVE-2015-5287
 	RESERVED
 CVE-2015-5286 [Glance storage overrun]
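Review bot: In the CVE-2015-5288 block, the untagged lines `- postgresql-9.1 <removed>` and `- postgresql-8.4 <removed>` are dropped, so both packages now have only release-tagged `<no-dsa>` lines and no untagged status. The CVE-2015-5289 block keeps untagged lines for both. Consider keeping the two `<removed>` lines next to the new `[jessie]`, `[wheezy]` and `[squeeze]` annotations so the status outside those releases stays recorded. Two smaller points: the new descriptions on these RESERVED entries are in parentheses, while the neighbouring `CVE-2015-5286 [Glance storage overrun]` uses square brackets, so matching that form would be consistent. Also, the `(minor issue)` rationale and the `(no json datatype)` claim have no reference, and a `NOTE:` line pointing at the upstream advisory, as in the mbedtls entry at the top of the hunk, would let a later reader verify them.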



