[Secure-testing-commits] r36558 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Sep 8 21:10:12 UTC 2015
Author: sectracker
Date: 2015-09-08 21:10:12 +0000 (Tue, 08 Sep 2015)
New Revision: 36558
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-08 18:57:14 UTC (rev 36557)
+++ data/CVE/list 2015-09-08 21:10:12 UTC (rev 36558)
@@ -1,6 +1,6 @@
CVE-2015-XXXX [hardening for RSA-CRT leak]
- - libgcrypt11 <removed>
- - libgcrypt20 <unfixed>
+ - libgcrypt11 <removed>
+ - libgcrypt20 <unfixed>
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
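Review bot: the two removed lines and the two added lines for libgcrypt11 and libgcrypt20 read identically here, so this appears to be a whitespace-only change to the package lines. If that is the case, saying so in the log would help, because a reader comparing rev 36557 with rev 36558 cannot tell from the text whether either package's status changed. The entry is also still a CVE-2015-XXXX placeholder; once the oss-security thread settles whether this is CVE-2015-5738 or a new id, the header line and the last NOTE should be updated in the same commit.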
@@ -751,11 +751,13 @@
CVE-2015-6507
RESERVED
CVE-2015-6833 [Files extracted from archive may be placed outside of destination directory]
+ {DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70019
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6831 [vulnerabilities in unserialize]
+ {DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70169
NOTE: https://bugs.php.net/bug.php?id=70168
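Review bot: under CVE-2015-6831 the entry title is the plural "vulnerabilities in unserialize" and the NOTE lines point at more than one upstream bug (70169, 70168), so it is worth confirming that {DSA-3344-1} covers every bug folded into this id before tagging it. For both tagged entries the package line still gives only 5.6.12+dfsg-1 while the NOTE says upstream also fixed the issue in 5.4.44; if the per-release fixed versions are not recorded with the DSA itself, add them here so the entry does not rely on the NOTE alone.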
@@ -764,6 +766,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6832 [Dangling pointer in the unserialization of ArrayObject items]
+ {DSA-3344-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70068
NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
@@ -9278,6 +9281,7 @@
NOTE: In Debian directory is not world-writable
CVE-2015-3247 [memory corruption in worker_update_monitors_config()]
RESERVED
+ {DSA-3354-1}
- spice 0.12.5-1.2 (bug #797976)
[wheezy] - spice <not-affected> (monitors_config support introduced in 0.11.3)
NOTE: Referenced Bug with Details from Red Hat is currently private
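Review bot: CVE-2015-3247 now carries {DSA-3354-1}, but the only reference in the entry is the NOTE saying the Red Hat bug is currently private, and the id is still marked RESERVED. Consider adding a NOTE with a public reference for the fix (the advisory, or the upstream commit once it is visible) and revisiting the "currently private" NOTE, so that someone triaging this entry has something to verify the fixed version 0.12.5-1.2 against.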