[Secure-testing-commits] r36826 - in data: . CVE
Ben Hutchings
benh at moszumanska.debian.org
Fri Sep 25 01:42:29 UTC 2015
Author: benh
Date: 2015-09-25 01:42:29 +0000 (Fri, 25 Sep 2015)
New Revision: 36826
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze-lts
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-25 00:57:49 UTC (rev 36825)
+++ data/CVE/list 2015-09-25 01:42:29 UTC (rev 36826)
@@ -4963,7 +4963,9 @@
CVE-2015-5283 [Creating multiple sockets when SCTP module isn't loaded leads to kernel panic]
RESERVED
- linux <unfixed>
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://patchwork.ozlabs.org/patch/515996/
TODO: check
CVE-2015-5282
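Review bot: the `TODO: check` line under CVE-2015-5283 is left in place even though this hunk settles both wheezy and squeeze as not-affected. Either drop the TODO or reword it to say what remains to be checked (the unstable `linux <unfixed>` line is the only open item visible here). A NOTE naming the commit or kernel version that introduced the vulnerable code would also let a later reader verify the "Vulnerable code not present" reason.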
@@ -4996,6 +4998,7 @@
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - glibc <no-dsa> (Minor issue)
+ [squeeze] - eglibc <not-affected> (Vulnerable code not present)
CVE-2015-5276 [gcc: Predictable randomness from std::random_device]
RESERVED
- gcc-5 <unfixed>
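Review bot: the new squeeze line marks eglibc not-affected with "Vulnerable code not present", while jessie and wheezy directly above are treated as affected (no-dsa, minor issue), and nothing in the entry records where the vulnerable code first appeared. Add a NOTE with the upstream version or commit that introduced it so the squeeze status can be checked against the packaged version.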
@@ -5070,6 +5073,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Patch: https://marc.info/?l=linux-usb&m=144303376328355
CVE-2015-5256
RESERVED
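Review bot: the added `[squeeze] - linux-2.6 <unfixed>` line is the only kernel entry in this revision that leaves squeeze affected, and the entry gives no indication that the patch in the NOTE below has been checked against the squeeze kernel. A short NOTE stating that the affected code is present in linux-2.6 and whether the linked patch applies would help whoever picks up the linux-2.6 item added to dla-needed.txt.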
@@ -11732,6 +11736,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (KSM is not enabled)
NOTE: https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
NOTE: http://www.antoniobarresi.com/security/cloud/2015/07/30/cain/
TODO: check closer the referenced advisories
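Review bot: the reason "KSM is not enabled" on the new squeeze line is ambiguous. If it means the feature is disabled in the squeeze kernel build configuration (CONFIG_KSM), say so; if it only means KSM is off by default at runtime, not-affected overstates the case, because a host where it is switched on would still be exposed. The `TODO: check closer the referenced advisories` line is also still open, so the status is being set before that check is done.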
@@ -12767,6 +12772,7 @@
{DSA-3359-1 DLA-313-1}
- virtualbox 4.3.30-dfsg-1 (bug #792446)
- virtualbox-ose <removed>
+ [squeeze] - virtualbox-ose <unfixed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi."
CVE-2015-2593 (Unspecified vulnerability in the Oracle Access Manager component in ...)
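Review bot: the new `[squeeze] - virtualbox-ose <unfixed>` line sits under a header that already references DLA-313-1, and a DLA is a squeeze-lts advisory. If that advisory fixed this CVE, the squeeze line should carry the fixed version instead of `<unfixed>`; if the DLA did not cover this issue for virtualbox-ose, add a NOTE saying so, since the same revision also adds virtualbox-ose to dla-needed.txt.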
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-09-25 00:57:49 UTC (rev 36825)
+++ data/dla-needed.txt 2015-09-25 01:42:29 UTC (rev 36826)
@@ -12,6 +12,8 @@
commons-httpclient
NOTE: there a three no-dsa issues open as well (CVE-2014-3577, CVE-2012-6153, CVE-2012-5783)
--
+eglibc
+--
flightgear
--
freeimage (Thorsten Alteholz)
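Review bot: eglibc is added to dla-needed.txt with no NOTE, and the only eglibc change visible in this revision's data/CVE/list diff marks squeeze as not-affected. Name the CVE that makes an upload necessary in a NOTE under the entry, as the commons-httpclient entry above does, so the reason for the listing is not lost.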
@@ -23,6 +25,10 @@
libphp-snoopy
NOTE: maintainer might take care of it, cf http://lists.debian.org/1424805686.2351.19.camel@debian.org
--
+libvncserver
+--
+linux-2.6
+--
nss (Guido Günther)
--
openafs
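Review bot: libvncserver is added here but no libvncserver line is touched in data/CVE/list in this revision, so the triggering issue cannot be traced from the commit. For linux-2.6, this revision marks two squeeze kernel entries not-affected and one unfixed; a NOTE under each new entry naming the open CVE would tell the person claiming it what to fix.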
@@ -39,8 +45,12 @@
--
squid (Santiago R.R.)
--
+virtualbox-ose
+--
vorbis-tools (Mike Gabriel)
--
+wget
+--