[Secure-testing-commits] r36497 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Sep 5 16:09:12 UTC 2015


Author: carnil
Date: 2015-09-05 16:09:12 +0000 (Sat, 05 Sep 2015)
New Revision: 36497

Modified:
   data/CVE/list
Log:
More updates included in wheezy point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-05 15:55:57 UTC (rev 36496)
+++ data/CVE/list	2015-09-05 16:09:12 UTC (rev 36497)
@@ -5228,7 +5228,7 @@
 	- wesnoth-1.12 1:1.12.4-1
 	- wesnoth-1.10 <removed>
 	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
-	[wheezy] - wesnoth-1.10 <no-dsa> (Minor issue, can be fixed through pu)
+	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
 	- wesnoth-1.8 <removed>
 	NOTE: https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59
 CVE-2015-5069
@@ -5238,7 +5238,7 @@
 	- wesnoth-1.12 1:1.12.4-1
 	- wesnoth-1.10 <removed>
 	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
-	[wheezy] - wesnoth-1.10 <no-dsa> (Minor issue, can be fixed through pu)
+	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
 	- wesnoth-1.8 <removed>
 	NOTE: https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
 CVE-2015-5059 [Information disclosure]
@@ -6924,7 +6924,7 @@
 	RESERVED
 	- pgbouncer 1.5.5-1
 	[jessie] - pgbouncer 1.5.4-6+deb8u1
-	[wheezy] - pgbouncer <no-dsa> (Minor issue)
+	[wheezy] - pgbouncer 1.5.2-4+deb7u1
 	[squeeze] - pgbouncer <no-dsa> (Minor issue)
 	NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
 	NOTE: https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 (stable-1.5)
@@ -7953,11 +7953,11 @@
 	[squeeze] - ufraw <no-dsa> (Minor issue)
 	- libraw 0.16.2-1 (bug #786788)
 	[jessie] - libraw 0.16.0-9+deb8u1
-	[wheezy] - libraw <no-dsa> (Minor issue)
+	[wheezy] - libraw 0.14.6-2+deb7u1
 	[squeeze] - libraw <no-dsa> (Minor issue)
 	- rawtherapee 4.2-2
 	[jessie] - rawtherapee 4.2-1+deb8u1
-	[wheezy] - rawtherapee <no-dsa> (Minor issue)
+	 [wheezy] - rawtherapee 4.0.9-4+deb7u1
 	[squeeze] - rawtherapee <no-dsa> (Minor issue)
 	- rawstudio <removed>
 	[wheezy] - rawstudio <no-dsa> (Minor issue)
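Review bot: The added rawtherapee line is indented with a tab followed by a space (`<TAB><SPACE>[wheezy] - rawtherapee 4.0.9-4+deb7u1`), while every other release annotation visible in this diff uses a single tab. The list parser is not visible here, so this is a risk rather than a confirmed failure: if it or a downstream script expects `[` directly after the tab, the annotation could be rejected or ignored and wheezy would not be recorded as fixed for rawtherapee. Drop the stray space so the line reads `<TAB>[wheezy] - rawtherapee 4.0.9-4+deb7u1`. The CVE entry this belongs to starts above the hunk and appears to continue past its end.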
@@ -7968,7 +7968,7 @@
 	- kodi <unfixed> (bug #792299)
 	- exactimage 0.9.1-5 (bug #786785)
 	[jessie] - exactimage 0.8.9-7+deb8u1
-	[wheezy] - exactimage <no-dsa> (Minor issue)
+	[wheezy] - exactimage 0.8.5-5+deb7u4
 	[squeeze] - exactimage <no-dsa> (Minor issue)
 	- freeimage <unfixed> (bug #786790)
 	[jessie] - freeimage <no-dsa> (Minor issue)
@@ -7984,7 +7984,7 @@
 	RESERVED
 	- phpbb3 3.0.14-1
 	[jessie] - phpbb3 3.0.12-5+deb8u1
-	[wheezy] - phpbb3 <no-dsa> (Minor issue)
+	[wheezy] - phpbb3 3.0.10-4+deb7u3
 	[squeeze] - phpbb3 <no-dsa> (Minor issue)
 	NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
 	NOTE: Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
@@ -7992,13 +7992,13 @@
 CVE-2015-XXXX [pdf2djvu: insecure use of /tmp when executing c44]
 	- pdf2djvu 0.7.21-1 (bug #784889)
 	[squeeze] - pdf2djvu <no-dsa> (Minor issue)
-	[wheezy] - pdf2djvu <no-dsa> (Minor issue)
+	[wheezy] - pdf2djvu 0.7.12-2+deb7u1
 	[jessie] - pdf2djvu 0.7.17-4+deb8u1
 	NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
 	- didjvu 0.4-1 (bug #784888)
-	[wheezy] - didjvu <no-dsa> (Minor issue)
+	[wheezy] - didjvu 0.2.3-2+deb7u1
 	[jessie] - didjvu 0.2.8-1+deb8u1
 	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
@@ -8490,7 +8490,7 @@
 CVE-2015-XXXX [crashes on crafted upack packed file]
 	- clamav 0.98.7+dfsg-1
 	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
@@ -8498,7 +8498,7 @@
 CVE-2015-XXXX [crash during algorithmic detection on crafted PE file]
 	- clamav 0.98.7+dfsg-1
 	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
@@ -10755,12 +10755,12 @@
 	NOTE: http://www.openprinting.org/driver/pbm2l2030/ (typo in the official CVE description)
 CVE-2015-XXXX [crashes found with afl]
 	- hp2xx 3.4.4-10 (low)
-	[wheezy] - hp2xx <no-dsa> (Minor issue)
+	[wheezy] - hp2xx 3.4.4-8+deb7u1
 	[squeeze] - hp2xx <no-dsa> (Minor issue)
 CVE-2015-2793 [cross-site scripting via openid_identifier]
 	RESERVED
 	- ikiwiki 3.20141016.2 (bug #781483)
-	[wheezy] - ikiwiki <no-dsa> (Minor issue)
+	[wheezy] - ikiwiki 3.20120629.2
 	[squeeze] - ikiwiki <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
 CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before ...)
@@ -11159,7 +11159,7 @@
 CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
 	{DLA-233-1}
 	- clamav 0.98.7+dfsg-1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 CVE-2015-2667 (Untrusted search path vulnerability in GNS3 before 1.2.3 allows local ...)
 	- gns3 <not-affected> (Windows specific)
@@ -12515,13 +12515,13 @@
 CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
 	{DLA-233-1}
 	- clamav 0.98.7+dfsg-1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
 CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
 	{DLA-233-1}
 	- clamav 0.98.7+dfsg-1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0844d0cfe118b4041ed8e2ee49ff18bfbca8eaa5
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
@@ -12680,7 +12680,7 @@
 CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to ...)
 	{DLA-233-1}
 	- clamav 0.98.7+dfsg-1
-	[wheezy] - clamav <no-dsa> (Clamav is only updated through -updates)
+	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
 	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
 CVE-2015-2169 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
@@ -15042,7 +15042,7 @@
 	NOT-FOR-US: Gecko CMS
 CVE-2015-XXXX [symlink directory traversal]
 	- unrar-nonfree 1:5.2.7-0.1 (bug #774171)
-	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
+	[wheezy] - unrar-nonfree 1:4.1.4-1+deb7u1
 	[squeeze] - unrar-nonfree <no-dsa> (Non-free not supported)
 CVE-2015-XXXX [symlink directory traversal]
 	- rar <unfixed> (bug #774172)
@@ -34805,10 +34805,10 @@
 CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
 	{DLA-222-1}
 	- httpcomponents-client 4.3.5-1
-	[wheezy] - httpcomponents-client <no-dsa> (Minor issue, will be fixed through a stable proposed-update)
+	[wheezy] - httpcomponents-client 4.1.1-2+deb7u1
 	[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
 	- commons-httpclient 3.1-11 (bug #758086)
-	[wheezy] - commons-httpclient <no-dsa> (Minor issue, will be fixed through a stable proposed-update)
+	[wheezy] - commons-httpclient 3.1-10.2+deb7u1
 	NOTE: See https://bugs.debian.org/758086#59 for full details.
 CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java ...)
 	{DSA-3330-1}
@@ -39590,7 +39590,7 @@
 	RESERVED
 	- gamera 3.4.1-1 (low; bug #737324)
 	[squeeze] - gamera <no-dsa> (Minor issue)
-	[wheezy] - gamera <no-dsa> (Minor issue)
+	[wheezy] - gamera 3.3.3-2+deb7u1
 CVE-2014-1936 [insecure use of /tmp]
 	RESERVED
 	- rc 1.7.1-5 (unimportant; bug #737125)
@@ -99866,7 +99866,7 @@
 	NOTE: http://projects.scipy.org/numpy/changeset/8364
 CVE-2010-XXXX [mediatomb directory traversal]
 	- mediatomb 0.12.1-47-g7ab7616-1 (low; bug #580120; bug #778669)
-	[wheezy] - mediatomb <no-dsa> (Interface should be disabled in a point update)
+	[wheezy] - mediatomb 0.12.1-4+deb7u1
 	[squeeze] - mediatomb 0.12.0~svn2018-6.1
 	NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
 CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh ...)
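Review bot: The mediatomb entry now records `0.12.1-4+deb7u1` as the wheezy fix with no note on what kind of fix it is. The removed annotation said the interface "should be disabled in a point update", which suggests the upload mitigates the directory traversal by disabling the web UI rather than patching the code. If so, an administrator who re-enables the UI would be exposed again while the tracker shows the package as fixed. After checking the upload's changelog, consider adding a line such as `NOTE: wheezy point update mitigates by disabling the web UI by default; the traversal is reachable again if the UI is re-enabled`.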



