[Secure-testing-commits] r39102 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 23 14:26:01 UTC 2016
Author: carnil
Date: 2016-01-23 14:26:01 +0000 (Sat, 23 Jan 2016)
New Revision: 39102
Modified:
data/CVE/list
data/next-point-update.txt
Log:
More CVEs fixed in Jessie 8.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-23 14:18:04 UTC (rev 39101)
+++ data/CVE/list 2016-01-23 14:26:01 UTC (rev 39102)
@@ -1331,22 +1331,22 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote ...)
- owncloud 7.0.12~dfsg-2
- [jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
+ [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-004
CVE-2016-1500 (ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before ...)
[experimental] - owncloud 8.2.2~dfsg-1
- owncloud 7.0.12~dfsg-1
- [jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
+ [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
CVE-2016-1499 (ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before ...)
[experimental] - owncloud 8.2.2~dfsg-1
- owncloud 7.0.12~dfsg-2
- [jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
+ [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-002
CVE-2016-1498 (Cross-site scripting (XSS) vulnerability in the OCS discovery provider ...)
[experimental] - owncloud 8.2.2~dfsg-1
- owncloud 7.0.12~dfsg-1
- [jessie] - owncloud <no-dsa> (Minor issue; will be fixed via a pu)
+ [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
CVE-2016-1493
RESERVED
@@ -3966,7 +3966,7 @@
NOTE: Fixed in 2.6.0
CVE-2015-8547 (The CoreUserInputHandler::doMode function in ...)
- quassel 1:0.12.2-3 (bug #807801)
- [jessie] - quassel <no-dsa> (Minor issue; can be fixed via a point release)
+ [jessie] - quassel 1:0.10.0-2.3+deb8u2
[wheezy] - quassel <not-affected> (Vulnerable code not present)
[squeeze] - quassel <not-affected> (Vulnerable code not present)
NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
@@ -5896,7 +5896,7 @@
CVE-2015-8367 [Memory objects are not intialized properly]
RESERVED
- libraw 0.17.1-1 (bug #806809)
- [jessie] - libraw <no-dsa> (Minor issue)
+ [jessie] - libraw 0.16.0-9+deb8u2
[wheezy] - libraw <not-affected> (Vulnerable code not present)
[squeeze] - libraw <not-affected> (Vulerable code not present)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
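Review bot: Two typos sit in the unchanged context of this hunk and could be corrected while the entry is being edited: "intialized" in the CVE-2015-8367 description, and "Vulerable code not present" on the `[squeeze]` line. The neighbouring CVE-2015-8366 entry spells the same annotation correctly.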
@@ -5905,7 +5905,7 @@
CVE-2015-8366 [Index overflow in smal_decode_segment]
RESERVED
- libraw 0.17.1-1 (bug #806809)
- [jessie] - libraw <no-dsa> (Minor issue)
+ [jessie] - libraw 0.16.0-9+deb8u2
[wheezy] - libraw <not-affected> (Vulnerable code not present)
[squeeze] - libraw <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
@@ -6970,7 +6970,7 @@
- iptables-persistent 1.0.4 (low; bug #764645)
[squeeze] - iptables-persistent <no-dsa> (Minor issue)
[wheezy] - iptables-persistent <no-dsa> (Minor issue)
- [jessie] - iptables-persistent <no-dsa> (Minor issue)
+ [jessie] - iptables-persistent 1.0.3+deb8u1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
CVE-2015-XXXX
- cinnamon-settings-daemon <unfixed>
@@ -7211,7 +7211,7 @@
NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
CVE-2015-XXXX [multiple overflows in strxfrm()]
- glibc 2.21-1 (bug #803927)
- [jessie] - glibc <no-dsa> (Minor issue, will be fixed in a point release)
+ [jessie] - glibc 2.19-18+deb8u2
[wheezy] - glibc <no-dsa> (Minor issue, will be fixed in a point release)
- eglibc <removed>
[squeeze] - eglibc 2.11.3-4+deb6u8
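Review bot: The `[wheezy]` line in this strxfrm() entry is recorded against `glibc` (`[wheezy] - glibc <no-dsa>`), whereas the other glibc hunks in this patch that carry a `[wheezy]` line track it under `eglibc`, and this entry's own `[squeeze]` line uses `eglibc` too. If that is an oversight, move the wheezy annotation under the `- eglibc <removed>` line so the entry resolves against the right source package.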
@@ -10373,7 +10373,7 @@
CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library (aka ...)
{DLA-316-1}
- glibc 2.21-1 (bug #798316; bug #801691)
- [jessie] - glibc <no-dsa> (Minor issue)
+ [jessie] - glibc 2.19-18+deb8u2
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc 2.11.3-4+deb6u7
@@ -14563,7 +14563,7 @@
NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
- glibc 2.21-1 (bug #799966)
- [jessie] - glibc <no-dsa> (Minor issue)
+ [jessie] - glibc 2.19-18+deb8u2
- eglibc <removed>
[wheezy] - eglibc <not-affected> (Vulnerable code not present)
[squeeze] - eglibc <not-affected> (Vulnerable code not present)
@@ -20832,7 +20832,7 @@
CVE-2015-3146 [null pointer dereference due to a logical error in the handling of a SSH_MSG_NEWKEYS and KEXDH_REPLY packets]
RESERVED
- libssh 0.6.3-4.2 (bug #784404)
- [jessie] - libssh <no-dsa> (Minor issue)
+ [jessie] - libssh 0.6.3-4+deb8u1
[wheezy] - libssh <no-dsa> (Minor issue)
[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
@@ -24160,7 +24160,7 @@
NOT-FOR-US: Vanilla Forums
CVE-2015-XXXX [potential application crash due to overread in fnmatch]
- glibc 2.21-1 (bug #779587)
- [jessie] - glibc <no-dsa> (Minor issue)
+ [jessie] - glibc 2.19-18+deb8u2
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc 2.11.3-4+deb6u7
@@ -24262,7 +24262,7 @@
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
- glibc 2.21-1 (bug #779587)
- [jessie] - glibc <no-dsa> (Minor issue)
+ [jessie] - glibc 2.19-18+deb8u2
[squeeze] - eglibc 2.11.3-4+deb6u7
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
NOTE: Fixed upstream in 2.22
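Review bot: The CVE heading for this entry falls outside the three lines of context, so the diff alone does not show which issue is being marked fixed; check that it is the entry intended. The line order is also unusual compared with the other glibc hunks here: `- glibc` and its `[jessie]` line sit between `[wheezy] - eglibc` and `[squeeze] - eglibc`, which splits the eglibc block in two. Consider regrouping so that each package line is followed directly by its release annotations.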
@@ -34980,7 +34980,7 @@
CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...)
{DLA-316-1}
- glibc 2.21-1 (low; bug #779587)
- [jessie] - glibc <no-dsa> (Minor issue)
+ [jessie] - glibc 2.19-18+deb8u2
- eglibc <removed> (low)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-01-23 14:18:04 UTC (rev 39101)
+++ data/next-point-update.txt 2016-01-23 14:26:01 UTC (rev 39102)
@@ -77,33 +77,3 @@
CVE-2015-XXXX [Insecure permissions for backup directory]
[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
NOTE: For #805638
-CVE-2015-5277
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2015-XXXX [_IO_wstr_overflow integer overflow]
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2014-8121
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2015-8777 [Glibc Pointer guarding weakness]
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2015-XXXX [multiple overflows in strxfrm()]
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2015-XXXX [potential application crash due to overread in fnmatch]
- [jessie] - glibc 2.19-18+deb8u2
-CVE-2015-3146
- [jessie] - libssh 0.6.3-4+deb8u1
-CVE-2015-8547
- [jessie] - quassel 1:0.10.0-2.3+deb8u2
-CVE-2015-8366
- [jessie] - libraw 0.16.0-9+deb8u2
-CVE-2015-8367
- [jessie] - libraw 0.16.0-9+deb8u2
-CVE-2015-XXXX [iptables-persistent minor local info leak]
- [jessie] - iptables-persistent 1.0.3+deb8u1
-CVE-2016-1498
- [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
-CVE-2016-1499
- [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
-CVE-2016-1500
- [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
-CVE-2016-1501
- [jessie] - owncloud 7.0.4+dfsg-4~deb8u4
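Review bot: Some removals here cannot be cross-checked by title against the data/CVE/list hunks above. No visible hunk mentions `_IO_wstr_overflow`, and the iptables-persistent hunk does not show its entry heading, so confirm that both received their `[jessie]` fixed version before the pending entries are dropped. Also, the dbconfig-common entry kept as context carries a `+deb8u1` version like the removed ones; if it shipped in the same point release it should be moved in this commit too.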