[Secure-testing-commits] r36863 - in data: . CVE DLA

Guido Guenther agx at moszumanska.debian.org
Sun Sep 27 15:01:08 UTC 2015 

Author: agx
Date: 2015-09-27 15:01:07 +0000 (Sun, 27 Sep 2015)
New Revision: 36863

Modified:
   data/CVE/list
   data/DLA/list
   data/dla-needed.txt
Log:
Claim DLA-316-1 for eglibc

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-27 12:14:01 UTC (rev 36862)
+++ data/CVE/list	2015-09-27 15:01:07 UTC (rev 36863)
@@ -1282,8 +1282,10 @@
 CVE-2015-XXXX [Glibc Pointer guarding weakness]
 	- glibc <unfixed>
 	- eglibc <removed>
+	[squeeze] - eglibc 2.11.3-4+deb6u7
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/05/8
 	NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
+	NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
 	TODO: check
 CVE-2015-6815 [Qemu: net: e1000 infinite loop issue]
 	RESERVED
@@ -14423,10 +14425,11 @@
 	[jessie] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Minor issue)
-	[squeeze] - eglibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc 2.11.3-4+deb6u7
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/26/5
+	NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
 CVE-2011-5320 [glibc scanf implementation crashes on certain inputs]
 	RESERVED
 	{DLA-165-1}
@@ -14520,12 +14523,13 @@
 CVE-2015-XXXX [_IO_wstr_overflow integer overflow]
 	- eglibc <removed>
 	[wheezy] - eglibc <no-dsa> (Minor issue)
-	[squeeze] - eglibc <no-dsa> (Minor issue)
 	- glibc <unfixed> (bug #779587)
 	[jessie] - glibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc 2.11.3-4+deb6u7
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
 	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/22/15
+	NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
 CVE-2015-XXXX [Potential XSS vulnerability when rendering some flash messages]
 	- redmine 3.0~20140825-5 (low)
 	[wheezy] - redmine <no-dsa> (Minor issue)

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2015-09-27 12:14:01 UTC (rev 36862)
+++ data/DLA/list	2015-09-27 15:01:07 UTC (rev 36863)
@@ -1,3 +1,6 @@
+[27 Sep 2015] DLA-316-1 eglibc - security update
+	{CVE-2014-8121}
+	[squeeze] - eglibc 2.11.3-4+deb6u7
 [26 Sep 2015] DLA-315-1 nss - security update
 	{CVE-2015-2721 CVE-2015-2730}
 	[squeeze] - nss 3.12.8-1+squeeze12

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-09-27 12:14:01 UTC (rev 36862)
+++ data/dla-needed.txt	2015-09-27 15:01:07 UTC (rev 36863)
@@ -12,8 +12,6 @@
 commons-httpclient
   NOTE: there a three no-dsa issues open as well (CVE-2014-3577, CVE-2012-6153, CVE-2012-5783)
 --
-eglibc (Guido Günther)
---
 flightgear
 --
 freeimage (Thorsten Alteholz)

More information about the Secure-testing-commits mailing list