[Secure-testing-commits] r39103 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 23 14:32:35 UTC 2016
Author: carnil
Date: 2016-01-23 14:32:35 +0000 (Sat, 23 Jan 2016)
New Revision: 39103
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Another round of issues fixed in Jessie 8.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-23 14:26:01 UTC (rev 39102)
+++ data/CVE/list 2016-01-23 14:32:35 UTC (rev 39103)
@@ -5882,7 +5882,7 @@
CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
RESERVED
- keepassx 0.4.3+dfsg-1 (bug #791858)
- [jessie] - keepassx <no-dsa> (Minor issue)
+ [jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
[wheezy] - keepassx <no-dsa> (Minor issue)
[squeeze] - keepassx <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
@@ -6059,7 +6059,7 @@
NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
CVE-2015-XXXX [Insecure permissions for backup directory]
- dbconfig-common 1.8.58 (bug #805638)
- [jessie] - dbconfig-common <no-dsa> (Will be fixed via a jessie-pu update)
+ [jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
[wheezy] - dbconfig-common <no-dsa> (Will be fixed via a wheezy-pu update)
[squeeze] - dbconfig-common 1.8.46+squeeze.1
NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
@@ -6070,7 +6070,7 @@
CVE-2015-8326 [Use of predictable names for temporary files]
RESERVED
- libiptables-parse-perl 1.6-1
- [jessie] - libiptables-parse-perl <no-dsa> (Minor issue)
+ [jessie] - libiptables-parse-perl 1.1-1+deb8u1
[wheezy] - libiptables-parse-perl <no-dsa> (Minor issue)
[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
@@ -6275,7 +6275,7 @@
RESERVED
CVE-2015-XXXX [ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word]
- zendframework 1.12.17+dfsg-1
- [jessie] - zendframework <no-dsa> (Minor issue)
+ [jessie] - zendframework 1.12.9+dfsg-2+deb8u5
[wheezy] - zendframework <no-dsa> (Minor issue)
[squeeze] - zendframework <no-dsa> (Minor issue)
NOTE: security hardening
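Review bot: The zendframework entry is left with only `NOTE: security hardening`, while this same commit deletes the two more specific notes from data/next-point-update.txt (`NOTE: No CVE will be assigned since security hardening` and `NOTE: For http://framework.zend.com/security/advisory/ZF2015-09`). Suggest carrying the advisory URL over as a NOTE on this entry so the reference stays in data/CVE/list once the point-update entry is gone.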
@@ -7424,7 +7424,7 @@
CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA ...)
[experimental] - nvidia-graphics-drivers 352.63-1
- nvidia-graphics-drivers <unfixed> (bug #805917)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.96-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.96-1 (bug #805919)
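Review bot: With the `[jessie]` line changed to `340.96-1`, the unstable line directly above it still reads `- nvidia-graphics-drivers <unfixed> (bug #805917)`, so the entry now records jessie as fixed while unstable stays open. If that is the real state, a short NOTE saying so would help readers of this entry; otherwise the unstable line needs its fixed version. Also worth a second look: `340.96-1` is the only jessie version in this commit without a `deb8u` suffix.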
@@ -7953,7 +7953,7 @@
TODO: check
CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...)
- gummi 0.6.5-6 (bug #756432)
- [jessie] - gummi <no-dsa> (Minor issue)
+ [jessie] - gummi 0.6.5-3+deb8u1
[wheezy] - gummi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2008-7315 [Shell escape vulnerability]
@@ -13375,7 +13375,7 @@
CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module ...)
{DLA-339-1}
- libhtml-scrubber-perl 0.15-1 (bug #803943)
- [jessie] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
+ [jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
[wheezy] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
CVE-2015-5666
@@ -14494,7 +14494,7 @@
CVE-2015-5290 [Remote denial of service using MONITOR command]
RESERVED
- charybdis 3.4.2-5
- [jessie] - charybdis <no-dsa> (Minor issue)
+ [jessie] - charybdis 3.4.2-5~deb8u1
[wheezy] - charybdis <no-dsa> (Minor issue)
- ircd-ratbox <removed> (bug #805065)
[jessie] - ircd-ratbox <no-dsa> (Minor issue)
@@ -17594,7 +17594,7 @@
CVE-2015-4410 [ruby-bson: DoS and possible injection]
RESERVED
- ruby-bson 1.10.0-2 (bug #787951)
- [jessie] - ruby-bson <no-dsa> (Minor issue)
+ [jessie] - ruby-bson 1.10.0-1+deb8u1
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-01-23 14:26:01 UTC (rev 39102)
+++ data/next-point-update.txt 2016-01-23 14:32:35 UTC (rev 39103)
@@ -56,24 +56,3 @@
[jessie] - commons-httpclient 3.1-11+deb8u1
CVE-2015-5251
[jessie] - glance 2014.1.3-12+deb8u1
-CVE-2015-5667
- [jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
-CVE-2015-4410
- [jessie] - ruby-bson 1.10.0-1+deb8u1
-CVE-2015-XXXX
- [jessie] - zendframework 1.12.9+dfsg-2+deb8u5
- NOTE: No CVE will be assigned since security hardening
- NOTE: For http://framework.zend.com/security/advisory/ZF2015-09
-CVE-2015-8326
- [jessie] - libiptables-parse-perl 1.1-1+deb8u1
-CVE-2105-5290
- [jessie] - charybdis 3.4.2-5~deb8u1
-CVE-2015-7869
- [jessie] - nvidia-graphics-drivers 340.96-1
-CVE-2015-7758
- [jessie] - gummi 0.6.5-3+deb8u1
-CVE-2015-8378
- [jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
-CVE-2015-XXXX [Insecure permissions for backup directory]
- [jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
- NOTE: For #805638
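Review bot: The removed charybdis block is keyed `CVE-2105-5290`, a typo for the `CVE-2015-5290` entry that data/CVE/list updates with the same `3.4.2-5~deb8u1` version. The removal makes the typo moot, and matching on package and version confirms it is the same issue, but it is worth checking that no other entry left in this file has a similarly mistyped ID. The nine removed entries otherwise line up one to one with the nine `[jessie]` changes in data/CVE/list.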