[Secure-testing-commits] r36429 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Sep 2 21:10:33 UTC 2015 

Author: sectracker
Date: 2015-09-02 21:10:33 +0000 (Wed, 02 Sep 2015)
New Revision: 36429

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-02 20:52:50 UTC (rev 36428)
+++ data/CVE/list	2015-09-02 21:10:33 UTC (rev 36429)
@@ -2414,6 +2414,7 @@
 	NOTE: Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
 CVE-2015-5745 [buffer overflow in virtio-serial]
 	RESERVED
+	{DSA-3349-1 DSA-3348-1}
 	- qemu 1:2.4+dfsg-1a (bug #795087)
 	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
@@ -3804,6 +3805,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256728
 CVE-2015-5230
 	RESERVED
+	{DSA-3347-1}
 	- pdns 3.4.6-1
 	[wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
 	[squeeze] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
@@ -3823,6 +3825,7 @@
 	NOT-FOR-US: OpenShift3
 CVE-2015-5225 [vnc: heap memory corruption issue]
 	RESERVED
+	{DSA-3348-1}
 	- qemu 1:2.4+dfsg-1a (bug #796465)
 	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
@@ -4027,6 +4030,7 @@
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
 	NOTE: http://xenbits.xen.org/xsa/advisory-139.html
 CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
+	{DSA-3349-1 DSA-3348-1}
 	- qemu 1:2.4+dfsg-1a (bug #794610)
 	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
@@ -4094,6 +4098,7 @@
 CVE-2015-5155
 	RESERVED
 CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in ...)
+	{DSA-3348-1}
 	- qemu 1:2.4+dfsg-1a (bug #793811)
 	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
@@ -9298,6 +9303,7 @@
 	RESERVED
 	NOT-FOR-US: virtio Windows drivers
 CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...)
+	{DSA-3348-1}
 	- qemu 1:2.4+dfsg-1a (bug #795461)
 	[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
 	[squeeze] - qemu <not-affected> (Introduced in 1.3.0)

More information about the Secure-testing-commits mailing list