[Secure-testing-commits] r36558 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Sep 8 21:10:12 UTC 2015


Author: sectracker
Date: 2015-09-08 21:10:12 +0000 (Tue, 08 Sep 2015)
New Revision: 36558

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-08 18:57:14 UTC (rev 36557)
+++ data/CVE/list	2015-09-08 21:10:12 UTC (rev 36558)
@@ -1,6 +1,6 @@
 CVE-2015-XXXX [hardening for RSA-CRT leak]
-        - libgcrypt11 <removed>
-        - libgcrypt20 <unfixed>
+	- libgcrypt11 <removed>
+	- libgcrypt20 <unfixed>
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
 	NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
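Review bot: The two libgcrypt package lines change only in leading whitespace (spaces replaced by a tab, matching the tab-indented NOTE lines below them), yet the log message "automatic update" does not mention a formatting fix. Since this hunk changes no tracking state, recording the whitespace normalisation in the log, or committing it separately from the DSA cross-references, would keep the history of this still-unassigned CVE-2015-XXXX entry easier to follow.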
@@ -751,11 +751,13 @@
 CVE-2015-6507
 	RESERVED
 CVE-2015-6833 [Files extracted from archive may be placed outside of destination directory]
+	{DSA-3344-1}
 	- php5 5.6.12+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70019
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-6831 [vulnerabilities in unserialize]
+	{DSA-3344-1}
 	- php5 5.6.12+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70169
 	NOTE: https://bugs.php.net/bug.php?id=70168
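Review bot: The second added {DSA-3344-1} line lands on CVE-2015-6831, whose bracketed description is only "vulnerabilities in unserialize" while the entry lists several separate upstream bugs (70169, 70168). Now that the entry is tied to a published advisory, a more specific description, in the style of the neighbouring CVE-2015-6833 and CVE-2015-6832 entries, would let a reader tell which unserialize issues the advisory covers without opening each bug link.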
@@ -764,6 +766,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
 	NOTE: Fixed upstream in 5.4.44 and 5.6.12
 CVE-2015-6832 [Dangling pointer in the unserialization of ArrayObject items]
+	{DSA-3344-1}
 	- php5 5.6.12+dfsg-1
 	NOTE: https://bugs.php.net/bug.php?id=70068
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
@@ -9278,6 +9281,7 @@
 	NOTE: In Debian directory is not world-writable
 CVE-2015-3247 [memory corruption in worker_update_monitors_config()]
 	RESERVED
+	{DSA-3354-1}
 	- spice 0.12.5-1.2 (bug #797976)
 	[wheezy] - spice <not-affected> (monitors_config support introduced in 0.11.3)
 	NOTE: Referenced Bug with Details from Red Hat is currently private
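Review bot: The added {DSA-3354-1} line ties CVE-2015-3247 to a published advisory, but the only NOTE in the entry still says the Red Hat bug with details is currently private, and the entry carries no public reference for the fix. Suggest revisiting that NOTE once the details are public and adding a NOTE that points to the upstream fix, so the spice 0.12.5-1.2 fixed version and the wheezy <not-affected> rationale can be checked from the entry itself.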



