[Secure-testing-commits] r40713 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Apr 2 11:07:00 UTC 2016


Author: carnil
Date: 2016-04-02 11:07:00 +0000 (Sat, 02 Apr 2016)
New Revision: 40713

Modified:
   data/CVE/list
Log:
Merge another batch for fixes from jessie point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-02 10:59:52 UTC (rev 40712)
+++ data/CVE/list	2016-04-02 11:07:00 UTC (rev 40713)
@@ -5173,6 +5173,7 @@
 CVE-2016-2085 [Timing side-channel in EVM]
 	RESERVED
 	- linux 4.4.2-1 (unimportant)
+	[jessie] - linux 3.16.7-ckt25-1
 	- linux-2.6 <removed> (unimportant)
 	NOTE: EVM is not enabled
 	NOTE: https://git.kernel.org/linus/613317bd212c585c20796c10afe5daaa95d4b0a1 (v4.5-rc4)
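Review bot: The added `[jessie] - linux 3.16.7-ckt25-1` line under CVE-2016-2085 carries no urgency tag, while the neighbouring `linux` and `linux-2.6` lines are both marked (unimportant) and the NOTE states that EVM is not enabled. If the same reasoning holds for the jessie kernel, tag the new line the same way so the entry reads consistently; otherwise say in the log why jessie differs.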
@@ -12005,7 +12006,7 @@
 	[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
 	[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
 	- exactimage 0.9.1-13
-	[jessie] - exactimage <no-dsa> (Minor issue)
+	[jessie] - exactimage 0.8.9-7+deb8u2
 	[wheezy] - exactimage <not-affected> (Vulnerable code not present)
 	[squeeze] - exactimage <not-affected> (Vulnerable code not present)
 	NOTE: exactimage: smal_decode_segment inside dcraw.h not dcraw.c
@@ -13099,7 +13100,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
 CVE-2015-XXXX
 	- cinnamon-settings-daemon 2.8.3-1 (low)
-	[jessie] - cinnamon-settings-daemon <no-dsa> (Minor issue)
+	[jessie] - cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
 	NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
 CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly ...)
@@ -20682,6 +20683,7 @@
 CVE-2015-5313 [ACL bypass using ../ to access beyond storage pool]
 	RESERVED
 	- libvirt 1.3.0-1 (bug #808273)
+	[jessie] - libvirt 1.2.9-9+deb8u2
 	[jessie] - libvirt <no-dsa> (Minor issue)
 	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
 	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
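Review bot: CVE-2015-5313 ends up with two conflicting [jessie] entries for libvirt: the added `[jessie] - libvirt 1.2.9-9+deb8u2` sits directly above the existing `[jessie] - libvirt <no-dsa> (Minor issue)`, which this hunk leaves in place as context. Every other hunk in this commit that touches a `<no-dsa>` line replaces it with the fixed version; do the same here and delete the stale `<no-dsa>` line so the entry records a single jessie status.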
@@ -32892,7 +32894,7 @@
 	RESERVED
 	{DLA-261-1}
 	- aptdaemon 1.1.1+bzr982-1 (bug #789162)
-	[jessie] - aptdaemon <no-dsa> (Minor issue)
+	[jessie] - aptdaemon 1.1.1-4+deb8u1
 	[wheezy] - aptdaemon <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587
 CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager ...)
@@ -48702,17 +48704,17 @@
 CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
 	RESERVED
 	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
-	[jessie] - php-dompdf <no-dsa> (Will be fixed via a point release)
+	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5012 [Denial Of Service Vector]
 	RESERVED
 	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
-	[jessie] - php-dompdf <no-dsa> (Will be fixed via a point release)
+	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5011 [Information Disclosure]
 	RESERVED
 	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
-	[jessie] - php-dompdf <no-dsa> (Will be fixed via a point release)
+	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
 	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
 CVE-2014-5010
 	RESERVED
@@ -75561,7 +75563,7 @@
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	- glibc 2.21-1 (low)
-	[jessie] - glibc <no-dsa> (Minor issue)
+	[jessie] - glibc 2.19-18+deb8u4
 	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
 	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/07/2
@@ -75570,7 +75572,7 @@
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	- glibc 2.21-1 (low; bug #717544)
-	[jessie] - glibc <no-dsa> (Minor issue)
+	[jessie] - glibc 2.19-18+deb8u4
 	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
 CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in ...)
 	{DSA-2766-1}



