[Secure-testing-commits] r37107 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Tue Oct 13 22:45:05 UTC 2015
Author: benh
Date: 2015-10-13 22:45:05 +0000 (Tue, 13 Oct 2015)
New Revision: 37107
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage issues for squeeze (and other suites, where I could)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-13 21:10:14 UTC (rev 37106)
+++ data/CVE/list 2015-10-13 22:45:05 UTC (rev 37107)
@@ -8,9 +8,11 @@
RESERVED
CVE-2015-7805
RESERVED
-CVE-2015-7802 [Global buffer overflow]
+CVE-2015-7802 [Global buffer under-read]
RESERVED
- - optipng <unfixed> (bug #801700)
+ - optipng <unfixed> (unimportant; bug #801700)
+ [squeeze] - optipng <unfixed> (unimportant)
+ NOTE: Not a security flaw as the under-read does not depend on input
CVE-2015-7801 [Use after free]
RESERVED
- optipng 0.7.5-1
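Review bot: the new NOTE on CVE-2015-7802 asserts the under-read "does not depend on input" but gives nothing a later triager can check; add a pointer (upstream report, commit, or the relevant bug comment) next to `NOTE: Not a security flaw as the under-read does not depend on input` so the `unimportant` rating on both the unstable line and the new `[squeeze]` line can be re-verified without redoing the analysis. The retitling from "Global buffer overflow" to "Global buffer under-read" is consistent with that rationale and is fine as is.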
@@ -19,9 +21,12 @@
CVE-2015-7799 [net: slip: crash when using PPP character device driver]
RESERVED
- linux <unfixed>
+ [jeesie] - linux <no-dsa> (Minor issue)
+ [wheezy] - linux <no-dsa> (Minor issue)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/android/issues/detail?id=187973
- TODO: check
+ NOTE: DoS, requires access to /dev/ppp which is root-only by default
CVE-2015-7798
RESERVED
CVE-2015-7797
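Review bot: `+ [jeesie] - linux <no-dsa> (Minor issue)` misspells the suite name; it should read `[jessie]`, otherwise the entry will not be matched to the jessie suite and the jessie status of CVE-2015-7799 stays effectively untriaged. The `[wheezy]` and `[squeeze]` lines are spelled correctly. Also consider folding the new `NOTE: DoS, requires access to /dev/ppp which is root-only by default` in as the justification for "Minor issue" on all three suite lines, since that is the reason the no-dsa marking holds.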
@@ -5181,8 +5186,7 @@
CVE-2015-5655
RESERVED
CVE-2015-5654 (Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 ...)
- - dojo <unfixed>
- TODO: check
+ - dojo <not-affected> (Fixed before the first version in Debian)
CVE-2015-5653 (Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows ...)
TODO: check
CVE-2015-5652 (Untrusted search path vulnerability in python.exe in Python through ...)
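Review bot: `+ - dojo <not-affected> (Fixed before the first version in Debian)` would be easier to audit if the parenthetical named the versions it compares: the CVE text says the flaw is in Dojo before 1.2, so stating the first Debian upload's version (or "first Debian version is >= 1.2") makes the not-affected claim checkable without looking up the package history.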
@@ -6693,8 +6697,9 @@
NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
CVE-2015-5155 [Packet with crafted "nextoffset" and "extid" values causes DoS]
RESERVED
- - openslp-dfsg <unfixed> (bug #799456)
- NOTE: might be duplicate of CVE-2010-3609, needs rechecking
+ - openslp-dfsg 1.2.1-8 (bug #623551)
+ [squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1
+ NOTE: duplicate of CVE-2010-3609
CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in ...)
{DSA-3348-1}
- qemu 1:2.4+dfsg-1a (bug #793811)
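Review bot: replacing `(bug #799456)` with `(bug #623551)` on the openslp-dfsg line drops the reference to the bug that was filed for CVE-2015-5155 itself; keep #799456 somewhere in the entry (or say in the NOTE that it was closed as a duplicate of the CVE-2010-3609 bug #623551), so the trail from this CVE to its original report is not lost. The change from "might be duplicate ... needs rechecking" to the definite `NOTE: duplicate of CVE-2010-3609` is the right outcome of that recheck, and the `[squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1` line correctly mirrors the existing fix.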
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-10-13 21:10:14 UTC (rev 37106)
+++ data/dla-needed.txt 2015-10-13 22:45:05 UTC (rev 37107)
@@ -9,8 +9,12 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
+bouncycastle
+--
freeimage (Thorsten Alteholz)
--
+imagemagick
+--
libphp-snoopy
NOTE: maintainer might take care of it, cf http://lists.debian.org/1424805686.2351.19.camel@debian.org
--
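Review bot: the new `bouncycastle` and `imagemagick` entries carry no NOTE naming the CVE(s) that make a DLA necessary, unlike the neighbouring `libphp-snoopy` entry; a one-line NOTE with the CVE id(s) per package saves the next person from re-triaging to discover why the package is listed.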
@@ -18,19 +22,27 @@
NOTE: a fix is probably not trivial, as thread safety has to be backported to 0.9.7
NOTE: possibly ending up in ABI breakage, second opinion welcome!
--
+lxc
+--
openafs (Santiago R.R.)
--
+optipng
+--
php5 (Thorsten Alteholz)
NOTE: next upload in October
--
phpmyadmin (Thijs Kinkhorst)
http://lists.debian.org/8d1ec56509c135da275476758673e47a.squirrel@aphrodite.kinkhorst.nl
--
+polarssl
+--
pound (Guido Günther)
--
quassel (Scott K)
--
squid (Santiago R.R.)
--
+unzip
+--
zendframework (Chris Lamb)
--
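Review bot: `optipng` is added here without a NOTE, while the same commit marks CVE-2015-7802 as `unimportant` for squeeze in data/CVE/list; state which optipng issue actually needs the DLA (CVE-2015-7801, the use-after-free, is the other optipng entry in that file) so the two files do not look contradictory. The same applies to `lxc`, `polarssl` and `unzip`: each new entry would benefit from a NOTE with the motivating CVE id(s).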