[Secure-testing-commits] r39103 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jan 23 14:32:35 UTC 2016 

Author: carnil
Date: 2016-01-23 14:32:35 +0000 (Sat, 23 Jan 2016)
New Revision: 39103

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
Another round of issues fixed in Jessie 8.3

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-23 14:26:01 UTC (rev 39102)
+++ data/CVE/list	2016-01-23 14:32:35 UTC (rev 39103)
@@ -5882,7 +5882,7 @@
 CVE-2015-8378 [canceling export operation creates cleartext copy of all of the user's KeePassX password database entries]
 	RESERVED
 	- keepassx 0.4.3+dfsg-1 (bug #791858)
-	[jessie] - keepassx <no-dsa> (Minor issue)
+	[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
 	[wheezy] - keepassx <no-dsa> (Minor issue)
 	[squeeze] - keepassx <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
@@ -6059,7 +6059,7 @@
 	NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
 CVE-2015-XXXX [Insecure permissions for backup directory]
 	- dbconfig-common 1.8.58 (bug #805638)
-	[jessie] - dbconfig-common <no-dsa> (Will be fixed via a jessie-pu update)
+	[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
 	[wheezy] - dbconfig-common <no-dsa> (Will be fixed via a wheezy-pu update)
 	[squeeze] - dbconfig-common 1.8.46+squeeze.1
 	NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
@@ -6070,7 +6070,7 @@
 CVE-2015-8326 [Use of predictable names for temporary files]
 	RESERVED
 	- libiptables-parse-perl 1.6-1
-	[jessie] - libiptables-parse-perl <no-dsa> (Minor issue)
+	[jessie] - libiptables-parse-perl 1.1-1+deb8u1
 	[wheezy] - libiptables-parse-perl <no-dsa> (Minor issue)
 	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
@@ -6275,7 +6275,7 @@
 	RESERVED
 CVE-2015-XXXX [ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word]
 	- zendframework 1.12.17+dfsg-1
-	[jessie] - zendframework <no-dsa> (Minor issue)
+	[jessie] - zendframework 1.12.9+dfsg-2+deb8u5
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	[squeeze] - zendframework <no-dsa> (Minor issue)
 	NOTE: security hardening
@@ -7424,7 +7424,7 @@
 CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA ...)
 	[experimental] - nvidia-graphics-drivers 352.63-1
 	- nvidia-graphics-drivers <unfixed> (bug #805917)
-	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+	[jessie] - nvidia-graphics-drivers 340.96-1
 	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-legacy-340xx 340.96-1 (bug #805919)
@@ -7953,7 +7953,7 @@
 	TODO: check
 CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...)
 	- gummi 0.6.5-6 (bug #756432)
-	[jessie] - gummi <no-dsa> (Minor issue)
+	[jessie] - gummi 0.6.5-3+deb8u1
 	[wheezy] - gummi <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
 CVE-2008-7315 [Shell escape vulnerability]
@@ -13375,7 +13375,7 @@
 CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module ...)
 	{DLA-339-1}
 	- libhtml-scrubber-perl 0.15-1 (bug #803943)
-	[jessie] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
+	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
 	[wheezy] - libhtml-scrubber-perl <no-dsa> (Minor issue; "comment" functionality is off by default)
 	NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
 CVE-2015-5666
@@ -14494,7 +14494,7 @@
 CVE-2015-5290 [Remote denial of service using MONITOR command]
 	RESERVED
 	- charybdis 3.4.2-5
-	[jessie] - charybdis <no-dsa> (Minor issue)
+	[jessie] - charybdis 3.4.2-5~deb8u1
 	[wheezy] - charybdis <no-dsa> (Minor issue)
 	- ircd-ratbox <removed> (bug #805065)
 	[jessie] - ircd-ratbox <no-dsa> (Minor issue)
@@ -17594,7 +17594,7 @@
 CVE-2015-4410 [ruby-bson: DoS and possible injection]
 	RESERVED
 	- ruby-bson 1.10.0-2 (bug #787951)
-	[jessie] - ruby-bson <no-dsa> (Minor issue)
+	[jessie] - ruby-bson 1.10.0-1+deb8u1
 	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
 	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
 	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2016-01-23 14:26:01 UTC (rev 39102)
+++ data/next-point-update.txt	2016-01-23 14:32:35 UTC (rev 39103)
@@ -56,24 +56,3 @@
 	[jessie] - commons-httpclient 3.1-11+deb8u1
 CVE-2015-5251
 	[jessie] - glance 2014.1.3-12+deb8u1
-CVE-2015-5667
-	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
-CVE-2015-4410
-	[jessie] - ruby-bson 1.10.0-1+deb8u1
-CVE-2015-XXXX
-	[jessie] - zendframework 1.12.9+dfsg-2+deb8u5
-	NOTE: No CVE will be assigned since security hardening
-	NOTE: For http://framework.zend.com/security/advisory/ZF2015-09
-CVE-2015-8326
-	[jessie] - libiptables-parse-perl 1.1-1+deb8u1
-CVE-2105-5290
-	[jessie] - charybdis 3.4.2-5~deb8u1
-CVE-2015-7869
-	[jessie] - nvidia-graphics-drivers 340.96-1
-CVE-2015-7758
-	[jessie] - gummi 0.6.5-3+deb8u1
-CVE-2015-8378
-	[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
-CVE-2015-XXXX [Insecure permissions for backup directory]
-	[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
-	NOTE: For #805638

More information about the Secure-testing-commits mailing list