[Secure-testing-commits] r36863 - in data: . CVE DLA
Guido Guenther
agx at moszumanska.debian.org
Sun Sep 27 15:01:08 UTC 2015
Author: agx
Date: 2015-09-27 15:01:07 +0000 (Sun, 27 Sep 2015)
New Revision: 36863
Modified:
data/CVE/list
data/DLA/list
data/dla-needed.txt
Log:
Claim DLA-316-1 for eglibc
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-27 12:14:01 UTC (rev 36862)
+++ data/CVE/list 2015-09-27 15:01:07 UTC (rev 36863)
@@ -1282,8 +1282,10 @@
CVE-2015-XXXX [Glibc Pointer guarding weakness]
- glibc <unfixed>
- eglibc <removed>
+ [squeeze] - eglibc 2.11.3-4+deb6u7
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/05/8
NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
+ NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
TODO: check
CVE-2015-6815 [Qemu: net: e1000 infinite loop issue]
RESERVED
@@ -14423,10 +14425,11 @@
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
- [squeeze] - eglibc <no-dsa> (Minor issue)
+ [squeeze] - eglibc 2.11.3-4+deb6u7
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/26/5
+ NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
CVE-2011-5320 [glibc scanf implementation crashes on certain inputs]
RESERVED
{DLA-165-1}
@@ -14520,12 +14523,13 @@
CVE-2015-XXXX [_IO_wstr_overflow integer overflow]
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
- [squeeze] - eglibc <no-dsa> (Minor issue)
- glibc <unfixed> (bug #779587)
[jessie] - glibc <no-dsa> (Minor issue)
+ [squeeze] - eglibc 2.11.3-4+deb6u7
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/22/15
+ NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
CVE-2015-XXXX [Potential XSS vulnerability when rendering some flash messages]
- redmine 3.0~20140825-5 (low)
[wheezy] - redmine <no-dsa> (Minor issue)
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2015-09-27 12:14:01 UTC (rev 36862)
+++ data/DLA/list 2015-09-27 15:01:07 UTC (rev 36863)
@@ -1,3 +1,6 @@
+[27 Sep 2015] DLA-316-1 eglibc - security update
+ {CVE-2014-8121}
+ [squeeze] - eglibc 2.11.3-4+deb6u7
[26 Sep 2015] DLA-315-1 nss - security update
{CVE-2015-2721 CVE-2015-2730}
[squeeze] - nss 3.12.8-1+squeeze12
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-09-27 12:14:01 UTC (rev 36862)
+++ data/dla-needed.txt 2015-09-27 15:01:07 UTC (rev 36863)
@@ -12,8 +12,6 @@
commons-httpclient
NOTE: there a three no-dsa issues open as well (CVE-2014-3577, CVE-2012-6153, CVE-2012-5783)
--
-eglibc (Guido Günther)
---
flightgear
--
freeimage (Thorsten Alteholz)
More information about the Secure-testing-commits
mailing list