[Secure-testing-commits] r39442 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 4 00:35:48 UTC 2016


Author: jmm
Date: 2016-02-04 00:35:48 +0000 (Thu, 04 Feb 2016)
New Revision: 39442

Modified:
   data/CVE/list
Log:
socat CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-04 00:08:33 UTC (rev 39441)
+++ data/CVE/list	2016-02-04 00:35:48 UTC (rev 39442)
@@ -274,7 +274,7 @@
 	[squeeze] - socat <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/01/5
 	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv8.html
-CVE-2016-XXXX [Socat security advisory 7 - Created new 2048bit DH modulus]
+CVE-2016-2217 [Socat security advisory 7 - Created new 2048bit DH modulus]
 	- socat 1.7.3.1-1 (bug #813536)
 	[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
 	[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
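Review bot: The entry renamed to CVE-2016-2217 has [jessie] and [wheezy] lines but no [squeeze] line, while the socat entry just above it in the context carries one. If the stated reason (the broken 1024bit DH parameter was generated in 1.7.3.0) also covers squeeze, add a matching [squeeze] - socat <not-affected> line so that release has an explicit status. The log message says only "socat CVEfied", and the context does not show whether the secadv8 entry above still uses a placeholder ID, so it is worth confirming that both advisories were covered.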
@@ -282,7 +282,7 @@
 	NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
 	NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
 	NOTE: bit long.
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/01/4
+	NOTE: http://www.openwall.com/lists/oss-security/2016/02/01/4
 	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
 CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
 	- php5 5.6.17+dfsg-1
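Review bot: Dropping the "CVE Request:" label on the oss-security/2016/02/01/4 NOTE leaves the link unlabelled, while the matching NOTE for the other socat entry (oss-security/2016/02/01/5) keeps the label; pick one convention for both. Since this entry is being touched, the unchanged NOTE lines above the change could be cleaned up as well: "The issues is", "parametes", and the parenthesis opened at "(and made it 2048" is never closed.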
@@ -6567,19 +6567,21 @@
 	NOT-FOR-US: Atlassian Confluence
 CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...)
 	- gdcm 2.6.2-1
+	[jessie] - gdcm <no-dsa> (Minor issue)
 	[wheezy] - gdcm <not-affected> (Vulerable code not present)
 	[squeeze] - gdcm <not-affected> (Vulerable code not present)
 	NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
 CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer function in ...)
 	- gdcm 2.6.2-1
+	[jessie] - gdcm <no-dsa> (Minor issue)
+	[wheezy] - gdcm <no-dsa> (Minor issue)
 	[squeeze] - gdcm <not-affected> (Vulerable code not present)
 	NOTE: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/0f6f82052484774d072784f32105cecc79c45c19/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
 	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
-	TODO: check older versions
 CVE-2012-6700
 	RESERVED
 	{DLA-362-1}
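Review bot: The added no-dsa lines for CVE-2015-8396 give only "Minor issue" as the reason, although the entry describes an integer overflow and its first reference URL calls it a buffer overflow; a short rationale would let a later reader check the triage. The removed "TODO: check older versions" is replaced by per-release lines, but the outcome for wheezy differs between the two CVEs (not-affected for CVE-2015-8397, no-dsa for CVE-2015-8396), so a NOTE recording which gdcm versions were checked would make that easier to verify. "Vulerable" in the unchanged lines is a typo for "Vulnerable".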



