[Secure-testing-commits] r41239 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Apr 27 16:14:21 UTC 2016


Author: jmm
Date: 2016-04-27 16:14:21 +0000 (Wed, 27 Apr 2016)
New Revision: 41239

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
encfs fixed
librsync fixed in experimental
remove opam entry, won't get a CVE ID and fixed in sid/jessie spu
update some notes on firefox for clarification
two tiff issues no-dsa for jessie


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-04-27 15:11:36 UTC (rev 41238)
+++ data/CVE/list	2016-04-27 16:14:21 UTC (rev 41239)
@@ -1406,7 +1406,7 @@
 	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
-	TODO: check
+	[jessie] - tiff <no-dsa> (Minor issue)
 CVE-2016-3624 [Out-of-bounds Write occurred in function cvtClump in rgb2ycbcr]
 	RESERVED
 	- tiff <unfixed>
@@ -1416,7 +1416,7 @@
 	RESERVED
 	- tiff <unfixed>
 	- tiff3 <removed>
-	TODO: check
+	[jessie] - tiff <no-dsa> (Minor issue)
 CVE-2016-3622 [Division by zero in fpAcc function]
 	RESERVED
 	- tiff <unfixed> (low; bug #820365)
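
Review bot: the two tiff entries triaged in this hunk and the previous one keep a bare `- tiff <unfixed>` line with no urgency or bug number, while CVE-2016-3622 just below carries `(low; bug #820365)`. With `TODO: check` removed, nothing flags these entries for follow-up any more, so add the bug reference next to the new `[jessie] - tiff <no-dsa> (Minor issue)` line.
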
@@ -2458,12 +2458,6 @@
 	RESERVED
 	- linux 4.5.1-1
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
-CVE-2016-XXXX [opam: does not verify certificate]
-	- opam 1.2.2-5 (bug #818081)
-	[jessie] - opam <no-dsa> (Minor issue, can be fixed in a point update)
-	NOTE: https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24
-	NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/12
-	NOTE: Will not get a CVE identifier assigned
 CVE-2016-3133
 	RESERVED
 CVE-2016-3132
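
Review bot: deleting the whole opam block removes the only record in this file of bug #818081, the upstream commit and the oss-security thread, although the unstable fix (1.2.2-5) was already tracked. data/next-point-update.txt in this same commit still uses CVE-2016-XXXX placeholders for issues without an identifier, so consider keeping the entry with its `NOTE: Will not get a CVE identifier assigned` line instead of dropping it.
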
@@ -3395,8 +3389,8 @@
 	RESERVED
 CVE-2016-2820
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
 CVE-2016-2819
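
Review bot: `(Only Firefox 46)` on the iceweasel and firefox-esr lines reads as if 46 were the affected release, yet the next line records the fix as `firefox 46.0-1`. State which versions are vulnerable and which one carries the fix, and use that wording for the matching entries in the following hunks as well.
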
@@ -3405,14 +3399,14 @@
 	RESERVED
 CVE-2016-2817
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
 CVE-2016-2816
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
 CVE-2016-2815
@@ -3425,33 +3419,33 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
 CVE-2016-2813
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x on Android)
-	- firefox-esr <not-affected> (Only Firefox 45.x on Android)
-	- firefox <not-affected> (Only Firefox 45.x on Android)
+	- iceweasel <not-affected> (Only Firefox on Android)
+	- firefox-esr <not-affected> (Only Firefox on Android)
+	- firefox <not-affected> (Only Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
 CVE-2016-2812
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
 CVE-2016-2811
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
 CVE-2016-2810
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x on Android)
-	- firefox-esr <not-affected> (Only Firefox 45.x on Android)
-	- firefox <not-affected> (Only Firefox 45.x on Android)
+	- iceweasel <not-affected> (Only Firefox on Android)
+	- firefox-esr <not-affected> (Only Firefox on Android)
+	- firefox <not-affected> (Only Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
 CVE-2016-2809
 	RESERVED
-	- iceweasel <not-affected> (Only Firefox 45.x on Windows)
-	- firefox-esr <not-affected> (Only Firefox 45.x on Windows)
-	- firefox <not-affected> (Only Firefox 45.x on Windows)
+	- iceweasel <not-affected> (Only Firefox on Windows)
+	- firefox-esr <not-affected> (Only Firefox on Windows)
+	- firefox <not-affected> (Only Firefox on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
 CVE-2016-2808
 	RESERVED
@@ -3479,8 +3473,8 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
 CVE-2016-2804 [Memory safety bugs fixed in Firefox 46]
 	RESERVED
-	- iceweasel <not-affected> (Affects Firefox 45.x)
-	- firefox-esr <not-affected> (Only Firefox 45.x)
+	- iceweasel <not-affected> (Only Firefox 46)
+	- firefox-esr <not-affected> (Only Firefox 46)
 	- firefox 46.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
 CVE-2016-2803
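
Review bot: on CVE-2016-2804 the new reason `(Only Firefox 46)` sits under the title `[Memory safety bugs fixed in Firefox 46]`, so the entry names 46 both as the fixed version and as the only version concerned. Replacing the contradictory `<not-affected> (Affects Firefox 45.x)` is right, but the reason text should say which versions contain the bugs.
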
@@ -42548,6 +42542,7 @@
 	NOTE: https://lists.samba.org/archive/rsync/2015-May/030123.html
 CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, ...)
 	- librsync <unfixed> (low; bug #776246)
+	[experimental] - librsync 1.0.0-1~exp1
 	[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
 	[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
 	[squeeze] - librsync <no-dsa> (Minor issue, too instrusive to backport)
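
Review bot: the unstable line `- librsync <unfixed> (low; bug #776246)` is left unchanged beside the new `[experimental]` entry, so it needs revisiting once 1.0.0 is uploaded to unstable; a short NOTE saying so would help. While touching this entry, the three no-dsa lines spell "instrusive", which should be "intrusive".
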
@@ -54095,11 +54090,11 @@
 	[wheezy] - obnam <no-dsa> (Minor issue)
 CVE-2014-3462 [Editing Configuration File Disables MACs]
 	RESERVED
-	- encfs <unfixed> (low; bug #736066)
+	- encfs 1.8.1-1 (low; bug #736066)
 	[jessie] - encfs <no-dsa> (Minor issue)
 	[squeeze] - encfs <no-dsa> (Minor issue)
 	[wheezy] - encfs <no-dsa> (Minor issue)
-	NOTE: Shortcoming documented in 1.7.4-4; issue itself not fixed yet in encfs
+	NOTE: Shortcoming documented in 1.7.4-4
 	NOTE: https://defuse.ca/audits/encfs.htm
 	NOTE: Upstream issue: https://github.com/vgough/encfs/issues/14
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
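
Review bot: the encfs line now claims a fix in 1.8.1-1, but no NOTE says which upstream change fixed it; the only references left are the audit and upstream issue #14. Add a NOTE with the fixing commit or release, and check whether `Shortcoming documented in 1.7.4-4` is still worth keeping now that the second half of that note is gone.
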

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2016-04-27 15:11:36 UTC (rev 41238)
+++ data/next-point-update.txt	2016-04-27 16:14:21 UTC (rev 41239)
@@ -14,9 +14,6 @@
 	[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
 CVE-2013-7449 [don't properly verify SSL certificates]
 	[jessie] - hexchat 2.10.1-1+deb8u1
-CVE-2016-XXXX [opam: does not verify certificate]
-	[jessie] - opam 1.2.0-1+deb8u1
-	NOTE: for #818081
 CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
 	[jessie] - zendframework 1.12.9+dfsg-2+deb8u6
 CVE-2016-3995
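
Review bot: with this block removed and the data/CVE/list entry deleted in the same commit, the jessie version `opam 1.2.0-1+deb8u1` is no longer recorded anywhere in the visible tracker data; the deleted list entry only had `[jessie] - opam <no-dsa>`. If the point-update upload was accepted, record the fixed version in data/CVE/list before dropping it from this file.
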



