[Secure-testing-commits] r39439 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Feb 3 22:06:22 UTC 2016


Author: jmm
Date: 2016-02-03 22:06:22 +0000 (Wed, 03 Feb 2016)
New Revision: 39439

Modified:
   data/CVE/list
Log:
dwarfutils no-dsa
note on openssl/CRIME


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-03 20:18:55 UTC (rev 39438)
+++ data/CVE/list	2016-02-03 22:06:22 UTC (rev 39439)
@@ -925,6 +925,8 @@
 CVE-2016-2050 [out of bound write in libdwarf -20151114]
 	RESERVED
 	- dwarfutils <unfixed>
+	[wheezy] - dwarfutils <no-dsa> (Minor issue)
+	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
 	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
 	TODO: check versions in Debian
@@ -2451,6 +2453,8 @@
 	RESERVED
 	{DLA-388-1}
 	- dwarfutils <unfixed> (bug #813182)
+	[wheezy] - dwarfutils <no-dsa> (Minor issue)
+	[jessie] - dwarfutils <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
 	NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
 CVE-2015-8749 (The volume_utils._parse_volume_info function in OpenStack Compute ...)
@@ -80539,6 +80543,7 @@
 	[wheezy] - openssl 1.0.1e-2+deb7u11
 	[squeeze] - openssl 0.9.8o-4squeeze16
 	NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
+	NOTE: openssl disables compression by default since dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
 	- pound 2.6-3 (bug #727197)
 CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
 	NOT-FOR-US: Oxwall 1.1.1




More information about the Secure-testing-commits mailing list