[Secure-testing-commits] r44166 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Fri Aug 26 23:45:40 UTC 2016


Author: benh
Date: 2016-08-26 23:45:39 +0000 (Fri, 26 Aug 2016)
New Revision: 44166

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for wheezy; add notes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-26 21:10:13 UTC (rev 44165)
+++ data/CVE/list	2016-08-26 23:45:39 UTC (rev 44166)
@@ -1091,86 +1091,113 @@
 CVE-2016-6632
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
 CVE-2016-6631
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
 CVE-2016-6630
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
 CVE-2016-6629
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
 CVE-2016-6628
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
 CVE-2016-6627
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
 CVE-2016-6626
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
 CVE-2016-6625
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
 CVE-2016-6624
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
 CVE-2016-6623
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
 CVE-2016-6622
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
 CVE-2016-6621
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
 CVE-2016-6620
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
 CVE-2016-6619
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
 CVE-2016-6618
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
 CVE-2016-6617
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
+	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
 CVE-2016-6616
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
 CVE-2016-6615
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
 CVE-2016-6614
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
 CVE-2016-6613
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
 CVE-2016-6612
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
 CVE-2016-6611
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
 CVE-2016-6610
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
 CVE-2016-6609
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
 CVE-2016-6608
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
+	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
 CVE-2016-6607
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
 CVE-2016-6606
 	RESERVED
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605
 	RESERVED
 CVE-2016-6604
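Review bot: CVE-2016-6621 is left without an advisory NOTE although the entries on either side of it receive PMASA-2016-45 and PMASA-2016-43, so one advisory in the sequence appears to have been skipped. The same goes for CVE-2016-6617 and CVE-2016-6608, which gain a [wheezy] tag but no link while the numbering jumps from 41 to 39 and from 32 to 30. If those advisories exist, add their NOTE lines so every phpmyadmin entry can be checked against its source. Separately, CVE-2016-6616 gains "[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)" with no [jessie] line; confirm whether the jessie version falls under the same reason and tag it if so.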
@@ -2109,7 +2136,8 @@
 CVE-2016-XXXX [Buffer overflow processing long words]
 	- cracklib2 2.9.2-3 (bug #835386)
 	[jessie] - cracklib2 <no-dsa> (Minor issue)
-	NOTE: SuSE Patch: https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
+	[wheezy] - cracklib2 <no-dsa> (Minor issue)
+	NOTE: SuSE patch (not a complete fix): https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/23/8
 CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field]
 	RESERVED
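Review bot: The reworded NOTE on the cracklib2 entry calls the SuSE patch "not a complete fix" but nothing in the entry says what it leaves open or where that was established. Add a further NOTE with the reference or a one-line description of the remaining case; both jessie and wheezy are tagged <no-dsa>, so whoever backports this later will otherwise have only the linked patch to go on.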
@@ -6810,6 +6838,7 @@
 	- gcc-5 <not-affected> (Uses glibc-internal SSP)
 	- gcc-4.9 <not-affected> (Uses glibc-internal SSP)
 	- mingw-w64 <unfixed>
+	- mingw32 <removed>
 	[jessie] - mingw-w64 <no-dsa> (Minor issue)
 CVE-2016-4972 [RCE vulnerability in Openstack Murano using insecure YAML tags]
 	RESERVED
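Review bot: The added "- mingw32 <removed>" line comes with no wheezy-specific line, and the only suite tag in this entry is "[jessie] - mingw-w64 <no-dsa> (Minor issue)", yet the same commit adds both mingw-w64 and mingw32 to data/dla-needed.txt. Either record here why wheezy warrants an update where jessie does not, or tag wheezy <no-dsa> to match and leave the two packages out of dla-needed.txt.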

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-08-26 21:10:13 UTC (rev 44165)
+++ data/dla-needed.txt	2016-08-26 23:45:39 UTC (rev 44166)
@@ -13,6 +13,8 @@
 --
 chicken (Thorsten Alteholz)
 --
+eog
+--
 gnupg (Santiago R.R.)
 --
 icu (Roberto C. Sánchez)
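Review bot: eog is added with neither a claimant nor a NOTE, and nothing in the data/CVE/list part of this commit touches an eog entry, so the issue that prompted the addition cannot be identified from the commit. A NOTE naming the CVE or tracker id, like the ones on the mat and openssl entries, would save the next person a lookup. The same applies to mailman in the following hunk.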
@@ -29,6 +31,8 @@
 --
 lshell (Thorsten Alteholz)
 --
+mailman
+--
 mat
   NOTE: the fix for this issue: https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC
   is not available yet. It will be available in next upstream release (already
@@ -37,6 +41,10 @@
 matrixssl
   NOTE: the bignum implementation is in crypto/peersec/mpi.c
 --
+mingw-w64
+--
+mingw32
+--
 openssl
   NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
   NOTE: because the wheezy version is completely missing the checks being
@@ -53,6 +61,8 @@
 php5 (Thorsten Alteholz)
   NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable
 --
+phpmyadmin
+--
 roundcube
 --
 ruby-actionpack-3.2 (Guido Günther)
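Review bot: The phpmyadmin entry carries no NOTE although the data/CVE/list changes in this commit mark CVE-2016-6617, CVE-2016-6616 and CVE-2016-6608 as <not-affected> for wheezy and leave the other phpmyadmin entries untagged. A NOTE stating that those three are excluded and that the remaining entries still need checking against the wheezy version would make the scope of the update clear to whoever claims it.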



