[Secure-testing-commits] r36496 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 5 15:55:57 UTC 2015
Author: carnil
Date: 2015-09-05 15:55:57 +0000 (Sat, 05 Sep 2015)
New Revision: 36496
Modified:
data/CVE/list
Log:
Updates included in wheezy point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-05 15:55:08 UTC (rev 36495)
+++ data/CVE/list 2015-09-05 15:55:57 UTC (rev 36496)
@@ -12561,7 +12561,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2015-XXXX [tcllib XSS]
- tcllib 1.16-dfsg-2 (low; bug #780100)
- [wheezy] - tcllib <no-dsa> (Minor issue, will be fixed in a point update)
+ [wheezy] - tcllib 1.14-dfsg-3+deb7u1
[squeeze] - tcllib <no-dsa> (Minor issue)
CVE-2015-2210
RESERVED
@@ -14364,7 +14364,7 @@
- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
- clamav 0.98.7+dfsg-1 (unimportant; bug #778406)
[jessie] - clamav 0.98.7+dfsg-0+deb8u1
- [wheezy] - clamav <no-dsa> (Fixed via wheezy-updates and included in wheezy point release)
+ [wheezy] - clamav 0.98.7+dfsg-0+deb7u1
[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
NOTE: Only exploitable through virusdb updates, which need to be trusted anywaya
- knews <not-affected> (Uses system regex code, see #778401)
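Review bot: The context NOTE under the changed clamav line ends in "anywaya"; since this commit already edits the entry, correct it to "anyway" in the same change. The removed remark also recorded that the fix reached wheezy via wheezy-updates before the point release; if that is worth keeping, move it to a NOTE: line rather than dropping it.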
@@ -14377,6 +14377,7 @@
- alpine <unfixed> (unimportant; bug #778413)
NOTE: alpine uses the regex code from glibc, local fallback code not used
- vigor 0.016-24 (unimportant; bug #778409)
+ [wheezy] - vigor 0.016-19+deb7u1
- nvi <unfixed> (unimportant; bug #778412)
NOTE: No security impact in nvi/vigor and openrpt
NOTE: http://www.kb.cert.org/vuls/id/695940
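Review bot: On the added "[wheezy] - vigor 0.016-19+deb7u1" line, the log message should say why a fixed version is recorded here. The unstable entry is tagged unimportant, the NOTE below states there is no security impact in nvi/vigor, and unlike the other hunks there was no earlier wheezy <no-dsa> line being replaced. Also check whether nvi, still <unfixed> in the next line, needs a matching wheezy line.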
@@ -14703,7 +14704,7 @@
[squeeze] - macchanger <no-dsa> (Minor issue)
CVE-2015-XXXX [lame missing check for samplerate]
- lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161)
- [wheezy] - lame <no-dsa> (Minor issue)
+ [wheezy] - lame 3.99.5+repack1-3+deb7u1
[squeeze] - lame <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-XXXX [denial of service under memory stress]
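Review bot: The lame entry bundles three bugs (#775959, #777160, #777161) under a title that names only the samplerate check, and the new [wheezy] line marks the whole entry fixed in 3.99.5+repack1-3+deb7u1. Please confirm the point-release upload addresses all three reports; if not, split the entry so the remaining ones stay open for wheezy.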
@@ -14795,7 +14796,7 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
- libfcgi 2.4.0-8.3 (bug #681591)
- [wheezy] - libfcgi <no-dsa> (Minor issue)
+ [wheezy] - libfcgi 2.4.0-8.1+deb7u1
[squeeze] - libfcgi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2012-XXXX [Stack-based buffer overflow when scanning directory structure for absolute path entries]
@@ -14856,16 +14857,16 @@
CVE-2015-1463 (ClamAV before 0.98.6 allows remote attackers to cause a denial of ...)
{DLA-233-1}
- clamav 0.98.6+dfsg-1
- [wheezy] - clamav <no-dsa> (Updated through stable-updates)
+ [wheezy] - clamav 0.98.6+dfsg-0+deb7u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/96ff19a19eba64bdf47f2f12ecdbc5ee331c09e2
CVE-2015-1462 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
{DLA-233-1}
- clamav 0.98.6+dfsg-1
- [wheezy] - clamav <no-dsa> (Updated through stable-updates)
+ [wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1461 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
{DLA-233-1}
- clamav 0.98.6+dfsg-1
- [wheezy] - clamav <no-dsa> (Updated through stable-updates)
+ [wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1460 (Huawei Quidway switches with firmware before V200R005C00SPC300 allows ...)
NOT-FOR-US: Huawei Quidway switches
CVE-2015-1459 (Cross-site scripting (XSS) vulnerability in Fortinet ...)
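Review bot: The three replaced clamav lines (CVE-2015-1463, CVE-2015-1462, CVE-2015-1461) lose the "(Updated through stable-updates)" remark with nothing in its place, so the tracker no longer records how wheezy received 0.98.6+dfsg-0+deb7u1. Consider keeping that as a NOTE: line. Also confirm 0.98.6+dfsg-0+deb7u1 is the intended value, given that the hunk at -14364 records 0.98.7+dfsg-0+deb7u1 for the same suite; it is correct if the field holds the first fixed version.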
@@ -15016,12 +15017,12 @@
[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2015-1432 (The message_options function in includes/ucp/ucp_pm_options.php in ...)
- phpbb3 3.0.12-4 (low; bug #776699)
- [wheezy] - phpbb3 <no-dsa> (Minor issue)
+ [wheezy] - phpbb3 3.0.10-4+deb7u2
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
CVE-2015-1431 (Cross-site scripting (XSS) vulnerability in includes/startup.php in ...)
- phpbb3 3.0.12-4 (low; bug #776699)
- [wheezy] - phpbb3 <no-dsa> (Minor issue)
+ [wheezy] - phpbb3 3.0.10-4+deb7u2
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
CVE-2015-1430 [buffer overrun in acknowledge.c(gi)]
@@ -17509,7 +17510,7 @@
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary ...)
- osc 0.149.0-2 (low; bug #780410)
- [wheezy] - osc <no-dsa> (Minor issue)
+ [wheezy] - osc 0.134.1-2+deb7u1
[squeeze] - osc <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=901643
CVE-2015-0777 (drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen ...)
@@ -19437,7 +19438,7 @@
CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
{DLA-233-1}
- clamav 0.98.6+dfsg-1
- [wheezy] - clamav <no-dsa> (Updated through stable-updates)
+ [wheezy] - clamav 0.98.6+dfsg-0+deb7u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
CVE-2014-9327
RESERVED
@@ -52580,7 +52581,7 @@
CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or ...)
- lcms 1.19.dfsg1-1.3 (low; bug #718682)
[squeeze] - lcms <no-dsa> (Minor issue)
- [wheezy] - lcms <no-dsa> (Minor issue)
+ [wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
- lcms2 <not-affected> (Vulnerable code not present)
CVE-2013-4275
RESERVED
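Review bot: The version on the new [wheezy] lcms line, 1.19.dfsg2-1.2+deb7u1, sorts higher than the unstable fixed version 1.19.dfsg1-1.3 on the first line of the entry (dfsg2 is later than dfsg1). Read together, the two lines say the fix landed before the wheezy base version, yet wheezy still needed a +deb7u1 upload. Please check that the unstable fixed version is still accurate, or add a NOTE: explaining the ordering. The same pair of versions appears in the CVE-2013-4160 hunk.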
@@ -52962,7 +52963,7 @@
CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
- lcms 1.19.dfsg1-1.3 (low; bug #728208)
[squeeze] - lcms <no-dsa> (Minor issue)
- [wheezy] - lcms <no-dsa> (Minor issue)
+ [wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
- lcms2 2.2+git20110628-2.3 (bug #714529)
[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9