[Secure-testing-commits] r40716 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Apr 2 11:35:39 UTC 2016
Author: carnil
Date: 2016-04-02 11:35:39 +0000 (Sat, 02 Apr 2016)
New Revision: 40716
Modified:
data/CVE/list
Log:
First batch for fixes for wheezy point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-04-02 11:16:00 UTC (rev 40715)
+++ data/CVE/list 2016-04-02 11:35:39 UTC (rev 40716)
@@ -13362,20 +13362,20 @@
RESERVED
- exfat-utils 1.2.1-1
[jessie] - exfat-utils 1.1.0-2+deb8u1
- [wheezy] - exfat-utils <no-dsa> (Minor issue)
+ [wheezy] - exfat-utils 0.9.7-2+deb7u1
- fuse-exfat 1.2.1-1
[jessie] - fuse-exfat 1.1.0-2+deb8u1
- [wheezy] - fuse-exfat <no-dsa> (Minor issue)
+ [wheezy] - fuse-exfat 0.9.7-2+deb7u1
NOTE: https://github.com/relan/exfat/issues/5
NOTE: https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum
NOTE: https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786
CVE-2015-XXXX [Endlees loop issue]
- exfat-utils 1.2.1-1
[jessie] - exfat-utils 1.1.0-2+deb8u1
- [wheezy] - exfat-utils <no-dsa> (Minor issue)
+ [wheezy] - exfat-utils 0.9.7-2+deb7u1
- fuse-exfat 1.2.1-1
[jessie] - fuse-exfat 1.1.0-2+deb8u1
- [wheezy] - fuse-exfat <no-dsa> (Minor issue)
+ [wheezy] - fuse-exfat 0.9.7-2+deb7u1
NOTE: https://github.com/relan/exfat/issues/6
NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
NOTE: https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b
@@ -18023,6 +18023,7 @@
CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
- linux 4.1.3-1
[jessie] - linux 3.16.7-ckt11-1
+ [jessie] - linux 3.2.73-2+deb7u1
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
@@ -26826,7 +26827,6 @@
CVE-2015-3220
RESERVED
- tlslite <removed>
- [wheezy] - tlslite <no-dsa> (Minor issue; will be removed from Wheezy)
CVE-2015-3219 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack ...)
- horizon 2015.1.0+2015.06.09.git15.e63af6c598-1 (bug #788306)
[jessie] - horizon <no-dsa> (Minor issue)
@@ -26916,7 +26916,7 @@
{DLA-265-2 DLA-265-1}
- pykerberos 1.1.5-1 (bug #796195)
[jessie] - pykerberos 1.1.5-0.1+deb8u1
- [wheezy] - pykerberos <no-dsa> (Too intrusive, may be fixed through a stable proposed-update)
+ [wheezy] - pykerberos 1.1+svn4895-1+deb7u1
NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the
NOTE: former.
NOTE: KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
@@ -51430,7 +51430,7 @@
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...)
- sendmail 8.14.4-6 (low; bug #750562)
- [wheezy] - sendmail <no-dsa> (Minor issue)
+ [wheezy] - sendmail 8.14.4-4+deb7u1
[squeeze] - sendmail <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the ...)
More information about the Secure-testing-commits
mailing list