[Secure-testing-commits] r39439 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 3 22:06:22 UTC 2016
Author: jmm
Date: 2016-02-03 22:06:22 +0000 (Wed, 03 Feb 2016)
New Revision: 39439
Modified:
data/CVE/list
Log:
dwarfutils no-dsa
note on openssl/CRIME
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-03 20:18:55 UTC (rev 39438)
+++ data/CVE/list 2016-02-03 22:06:22 UTC (rev 39439)
@@ -925,6 +925,8 @@
CVE-2016-2050 [out of bound write in libdwarf -20151114]
RESERVED
- dwarfutils <unfixed>
+ [wheezy] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
TODO: check versions in Debian
@@ -2451,6 +2453,8 @@
RESERVED
{DLA-388-1}
- dwarfutils <unfixed> (bug #813182)
+ [wheezy] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
CVE-2015-8749 (The volume_utils._parse_volume_info function in OpenStack Compute ...)
@@ -80539,6 +80543,7 @@
[wheezy] - openssl 1.0.1e-2+deb7u11
[squeeze] - openssl 0.9.8o-4squeeze16
NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
+ NOTE: openssl disables compression by default since dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
- pound 2.6-3 (bug #727197)
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
NOT-FOR-US: Oxwall 1.1.1
More information about the Secure-testing-commits
mailing list