[Secure-testing-commits] r40717 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Apr 2 11:44:55 UTC 2016


Author: carnil
Date: 2016-04-02 11:44:55 +0000 (Sat, 02 Apr 2016)
New Revision: 40717

Modified:
   data/CVE/list
Log:
Merge fixes from wheezy point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-02 11:35:39 UTC (rev 40716)
+++ data/CVE/list	2016-04-02 11:44:55 UTC (rev 40717)
@@ -3237,7 +3237,7 @@
 CVE-2016-2782
 	RESERVED
 	- linux 4.4.2-1
-	[wheezy] - linux <no-dsa> (Will be fixed in point update)
+	[wheezy] - linux 3.2.78-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
 CVE-2016-2781 [nonpriv session can escape to the parent session by using the TIOCSTI ioctl]
@@ -12168,7 +12168,7 @@
 CVE-2015-XXXX [Insecure permissions for backup directory]
 	- dbconfig-common 1.8.58 (bug #805638)
 	[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
-	[wheezy] - dbconfig-common <no-dsa> (Will be fixed via a wheezy-pu update)
+	[wheezy] - dbconfig-common 1.8.47+nmu1+deb7u1
 	[squeeze] - dbconfig-common 1.8.46+squeeze.1
 	NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
 CVE-2015-8323
@@ -12179,7 +12179,7 @@
 	RESERVED
 	- libiptables-parse-perl 1.6-1
 	[jessie] - libiptables-parse-perl 1.1-1+deb8u1
-	[wheezy] - libiptables-parse-perl <no-dsa> (Minor issue)
+	[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
 	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
@@ -12385,7 +12385,7 @@
 CVE-2015-XXXX [ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word]
 	- zendframework 1.12.17+dfsg-1
 	[jessie] - zendframework 1.12.9+dfsg-2+deb8u5
-	[wheezy] - zendframework <no-dsa> (Minor issue)
+	[wheezy] - zendframework 1.11.13-1.1+deb7u5
 	[squeeze] - zendframework <no-dsa> (Minor issue)
 	NOTE: security hardening
 	NOTE: http://framework.zend.com/security/advisory/ZF2015-09
@@ -13094,9 +13094,9 @@
 	NOT-FOR-US: Mediawiki extension PageTriage
 CVE-2015-XXXX [iptables-persistent minor local info leak]
 	- iptables-persistent 1.0.4 (low; bug #764645)
+	[jessie] - iptables-persistent 1.0.3+deb8u1
+	[wheezy] - iptables-persistent 0.5.7+deb7u1
 	[squeeze] - iptables-persistent <no-dsa> (Minor issue)
-	[wheezy] - iptables-persistent <no-dsa> (Minor issue)
-	[jessie] - iptables-persistent 1.0.3+deb8u1
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
 CVE-2015-XXXX
 	- cinnamon-settings-daemon 2.8.3-1 (low)
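Review bot: the `[jessie] - iptables-persistent 1.0.3+deb8u1` line in this hunk is only moved, not changed, so the hunk mixes a reorder of the release lines with the actual wheezy update. The new jessie, wheezy, squeeze order matches the other entries touched in this commit, but the log only says "Merge fixes from wheezy point release"; either mention the reorder there or keep it in a separate commit so the wheezy change is the only content difference a reader has to verify.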
@@ -13566,7 +13566,7 @@
 	[experimental] - nvidia-graphics-drivers 352.63-1
 	- nvidia-graphics-drivers <unfixed> (bug #805917)
 	[jessie] - nvidia-graphics-drivers 340.96-1
-	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[wheezy] - nvidia-graphics-drivers 304.131-1
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx 340.96-1 (bug #805919)
 	- nvidia-graphics-drivers-legacy-304xx 304.131-2 (bug #805918)
@@ -14113,6 +14113,7 @@
 CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...)
 	- gummi 0.6.5-6 (bug #756432)
 	[jessie] - gummi 0.6.5-3+deb8u1
+	[wheezy] - gummi 0.6.3-1.2+deb7u2
 	[wheezy] - gummi <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
 CVE-2008-7316
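Review bot: the added `[wheezy] - gummi 0.6.3-1.2+deb7u2` line sits directly above the existing `[wheezy] - gummi <no-dsa> (Minor issue)` line, which this hunk leaves in place, so the CVE-2015-7758 entry now carries two contradictory wheezy statuses. Every other hunk in this commit replaces the `<no-dsa>` line with the fixed version; the old line should be removed here as well, so that the hunk is a one-line replacement like the rest.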
@@ -14626,7 +14627,7 @@
 	{DLA-395-1}
 	- librsvg 2.40.9-2
 	[jessie] - librsvg 2.40.5-1+deb8u1
-	[wheezy] - librsvg <no-dsa> (Minor issue)
+	[wheezy] - librsvg 2.36.1-2+deb7u1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=738050 (not public accessible)
 	NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7)
 CVE-2015-7556
@@ -14636,7 +14637,7 @@
 	{DLA-389-1}
 	- giflib 5.1.2-0.1 (bug #808704)
 	[jessie] - giflib 4.1.6-11+deb8u1
-	[wheezy] - giflib <no-dsa> (Minor issue; only in giffix utility)
+	[wheezy] - giflib 4.1.6-10+deb7u1
 	NOTE: Upstream fix http://sourceforge.net/p/giflib/code/ci/179510be300bf11115e37528d79619b53c884a63
 CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...)
 	- tiff <unfixed> (bug #809066)
@@ -19646,7 +19647,7 @@
 	{DLA-339-1}
 	- libhtml-scrubber-perl 0.15-1 (bug #803943)
 	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
-	[wheezy] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
+	[wheezy] - libhtml-scrubber-perl 0.09-1+deb7u1
 	NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
 CVE-2015-5666
 	RESERVED
@@ -20920,7 +20921,7 @@
 	[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
 	- commons-httpclient 3.1-12 (bug #798650)
 	[jessie] - commons-httpclient 3.1-11+deb8u1
-	[wheezy] - commons-httpclient <no-dsa> (Will be fixed in a point release)
+	[wheezy] - commons-httpclient 3.1-10.2+deb7u2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
 	NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
 	NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
@@ -32895,7 +32896,7 @@
 	{DLA-261-1}
 	- aptdaemon 1.1.1+bzr982-1 (bug #789162)
 	[jessie] - aptdaemon 1.1.1-4+deb8u1
-	[wheezy] - aptdaemon <no-dsa> (Minor issue)
+	[wheezy] - aptdaemon 0.45-2+deb7u1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587
 CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager ...)
 	- network-manager <not-affected> (Ubuntu specific patch)



