[Secure-testing-commits] r37172 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Mon Oct 19 00:17:46 UTC 2015
Author: benh
Date: 2015-10-19 00:17:46 +0000 (Mon, 19 Oct 2015)
New Revision: 37172
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage issues for squeeze (and wheezy, where I could)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-10-18 22:49:37 UTC (rev 37171)
+++ data/CVE/list 2015-10-19 00:17:46 UTC (rev 37172)
@@ -1,6 +1,7 @@
CVE-2015-XXXX [Keyrings crash triggerable by unprivileged user]
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272371
CVE-2015-XXXX [predictable session key without knowing the passphrase]
- libjs-openpgp <itp> (bug #787774)
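Review bot: the added `[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)` line gives no pointer to how that was established; the only reference in the entry is the Red Hat bug. Consider adding a NOTE naming the commit or kernel version that introduced the affected keyrings code, so the same reasoning can be reused when the `- linux <unfixed>` line is triaged for other suites.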
@@ -65,10 +66,14 @@
TODO: check
CVE-2015-XXXX [lldpd: buffer overflow when handling management address TLV]
- lldpd 0.7.19-1
+ [squeeze] - lldpd <not-affected> (Vulnerable code not present)
+ [wheezy] - lldpd <not-affected> (Vulnerable code not present)
NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/16/2
CVE-2015-XXXX [lldpd: asserts triggered by malformed packets]
- lldpd 0.7.19-1
+ [squeeze] - lldpd <not-affected> (Vulnerable code not present)
+ [wheezy] - lldpd <not-affected> (Vulnerable code not present)
NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/18/2
CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
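Review bot: in both lldpd entries the new `[squeeze]` and `[wheezy]` lines carry the same bare reason, `Vulnerable code not present`, although the two issues are fixed by different upstream commits (the two github.com NOTE lines differ). A NOTE per entry saying which function or upstream version introduced the affected code would let a later reader verify each not-affected claim without re-diffing the older sources against the fix.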
@@ -6227,10 +6232,12 @@
RESERVED
- polarssl <unfixed> (bug #801413)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-5290
+CVE-2015-5290 [Remote denial of service using MONITOR command]
RESERVED
- charybdis <unfixed>
- ircd-ratbox <unfixed>
+ [squeeze] - ircd-ratbox <no-dsa> (Slow leak; workaround is available)
+ NOTE: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
TODO: check
CVE-2015-5289 [stack overflows in json parsing]
RESERVED
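Review bot: the `<no-dsa>` reason on the new `[squeeze] - ircd-ratbox` line says a workaround is available, but the entry does not say what the workaround is. If it is the one described in the elemental-ircd advisory added as a NOTE, say so in the reason or add a short NOTE stating it. Separately, `TODO: check` is left in place after the entry has gained a description and a triage line; if it remains because `- charybdis <unfixed>` still needs checking, a NOTE to that effect would make the outstanding work clear.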
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-10-18 22:49:37 UTC (rev 37171)
+++ data/dla-needed.txt 2015-10-19 00:17:46 UTC (rev 37172)
@@ -11,6 +11,11 @@
--
bouncycastle
--
+cakephp
+ NOTE: Relevant functions and source files in this version appear to be
+ Xml::load in cake/libs/xml.php and RequestHandlerComponent::startup in
+ cake/libs/controller/components/request_handler.php
+--
imagemagick
--
libphp-snoopy
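Review bot: the new cakephp NOTE does not identify the issue it belongs to, and `this version` does not say which packaged version was inspected. Naming the issue (data/CVE/list has it as `cakephp: XML class SSRF vulnerability`) and the version examined alongside the `Xml::load` and `RequestHandlerComponent::startup` pointers would make the entry usable by whoever picks up the package.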