[Secure-testing-commits] r39104 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 23 14:44:57 UTC 2016
Author: carnil
Date: 2016-01-23 14:44:57 +0000 (Sat, 23 Jan 2016)
New Revision: 39104
Modified:
data/CVE/list
data/next-point-update.txt
Log:
More fixes merged from Jessie 8.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-23 14:32:35 UTC (rev 39103)
+++ data/CVE/list 2016-01-23 14:44:57 UTC (rev 39104)
@@ -7222,20 +7222,20 @@
CVE-2015-8026 [Heap overflow]
RESERVED
- exfat-utils 1.2.1-1
- [jessie] - exfat-utils <no-dsa> (Minor issue)
+ [jessie] - exfat-utils 1.1.0-2+deb8u1
[wheezy] - exfat-utils <no-dsa> (Minor issue)
- fuse-exfat 1.2.1-1
- [jessie] - fuse-exfat <no-dsa> (Minor issue)
+ [jessie] - fuse-exfat 1.1.0-2+deb8u1
[wheezy] - fuse-exfat <no-dsa> (Minor issue)
NOTE: https://github.com/relan/exfat/issues/5
NOTE: https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum
NOTE: https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786
CVE-2015-XXXX [Endlees loop issue]
- exfat-utils 1.2.1-1
- [jessie] - exfat-utils <no-dsa> (Minor issue)
+ [jessie] - exfat-utils 1.1.0-2+deb8u1
[wheezy] - exfat-utils <no-dsa> (Minor issue)
- fuse-exfat 1.2.1-1
- [jessie] - fuse-exfat <no-dsa> (Minor issue)
+ [jessie] - fuse-exfat 1.1.0-2+deb8u1
[wheezy] - fuse-exfat <no-dsa> (Minor issue)
NOTE: https://github.com/relan/exfat/issues/6
NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
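Review bot: the temporary entry header "CVE-2015-XXXX [Endlees loop issue]" is misspelled ("Endless"). It is only context here, but this commit removes the matching string from data/next-point-update.txt, so a follow-up can now correct it in data/CVE/list alone. Unlike CVE-2015-8026 above, the endless-loop entry also has no NOTE pointing at the upstream fix commit; adding one would let readers check what 1.1.0-2+deb8u1 actually contains for that issue.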
@@ -7633,7 +7633,7 @@
- lldpd 0.7.19-1
[squeeze] - lldpd <not-affected> (Vulnerable code not present)
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
- [jessie] - lldpd <no-dsa> (Minor issue, will be fixed trough pu)
+ [jessie] - lldpd 0.7.11-2+deb8u1
NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
CVE-2015-8012 [lldpd: asserts triggered by malformed packets]
@@ -7641,7 +7641,7 @@
- lldpd 0.7.19-1
[squeeze] - lldpd <not-affected> (Vulnerable code not present)
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
- [jessie] - lldpd <no-dsa> (Minor issue, will be fixed trough pu)
+ [jessie] - lldpd 0.7.11-2+deb8u1
NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
@@ -10719,15 +10719,15 @@
RESERVED
{DSA-3369-1}
- php-doctrine-annotations 1.2.7-1 (low)
- [jessie] - php-doctrine-annotations <no-dsa> (Minor issue)
+ [jessie] - php-doctrine-annotations 1.2.1-1+deb8u1
- php-doctrine-cache 1.4.2-1 (low)
- [jessie] - php-doctrine-cache <no-dsa> (Minor issue)
+ [jessie] - php-doctrine-cache 1.3.1-1+deb8u1
[experimental] - php-doctrine-common 2.5.1-1
- php-doctrine-common 2.4.3-1 (low)
- [jessie] - php-doctrine-common <no-dsa> (Minor issue)
+ [jessie] - php-doctrine-common 2.4.2-2+deb8u1
[experimental] - doctrine 2.5.1+dfsg-1
- doctrine 2.4.8-1 (low)
- [jessie] - doctrine <no-dsa> (Minor issue)
+ [jessie] - doctrine 2.4.6-1+deb8u1
[wheezy] - doctrine <no-dsa> (Minor issue)
[squeeze] - doctrine <no-dsa> (Minor issue)
[experimental] - aws-sdk-for-php 3.2.1-1
@@ -12537,7 +12537,7 @@
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx 304.128-5
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.128-1
CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a ...)
{DSA-3342-1}
- vlc 2.2.1-3 (bug #796255)
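Review bot: the new [jessie] version for nvidia-graphics-drivers-legacy-304xx, 304.128-1, is the only fixed version in this commit without a +deb8u suffix. It matches the entry removed from data/next-point-update.txt and sorts below the unstable fix 304.128-5, so it looks intentional, but a short NOTE saying that jessie received the new upstream release rather than a backported patch would explain the unusual version string.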
@@ -14631,7 +14631,7 @@
[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
- commons-httpclient 3.1-12 (bug #798650)
- [jessie] - commons-httpclient <no-dsa> (Will be fixed in a point release)
+ [jessie] - commons-httpclient 3.1-11+deb8u1
[wheezy] - commons-httpclient <no-dsa> (Will be fixed in a point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
@@ -14679,7 +14679,7 @@
CVE-2015-5251 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
- glance 1:11.0.0-1 (bug #799931)
[wheezy] - glance <no-dsa> (Minor issue)
- [jessie] - glance <no-dsa> (Minor issue)
+ [jessie] - glance 2014.1.3-12+deb8u1
NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
CVE-2015-5250 (The API server in OpenShift Origin 1.0.5 allows remote attackers to ...)
NOT-FOR-US: OpenShift
@@ -14791,7 +14791,7 @@
NOTE: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 (v2.27-rc2)
CVE-2015-5223 (OpenStack Object Storage (Swift) before 2.4.0 allows attackers to ...)
- swift 2.4.0-1 (bug #797032)
- [jessie] - swift <no-dsa> (Will be fixed in a point update)
+ [jessie] - swift 2.2.0-1+deb8u1
[wheezy] - swift <no-dsa> (Minor issue)
CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
NOT-FOR-US: OpenShift
@@ -16224,6 +16224,7 @@
CVE-2015-4715 [Mounted Dropbox storage allows "Dropbox.com" to access any file]
RESERVED
- php-dropbox 1.0.0-4 (unimportant)
+ [jessie] - php-dropbox 1.0.0-3+deb8u1
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-005
NOTE: Only relevant if server runs PHP below 5.6.0
CVE-2015-4714 (Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S ...)
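Review bot: the added "[jessie] - php-dropbox 1.0.0-3+deb8u1" line sits under a package entry tagged (unimportant), and the existing NOTE says the issue is only relevant when the server runs PHP below 5.6.0. A one-line NOTE stating why jessie still carries a fixed version would keep the entry self-explanatory. This is also the one hunk that adds a line without removing one (6 lines become 7), which accounts for the one-line offset in the later hunk headers.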
@@ -20338,7 +20339,7 @@
[wheezy] - groovy <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
[jessie] - groovy <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
- groovy2 2.2.2+dfsg-5 (bug #793398)
- [jessie] - groovy2 <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
+ [jessie] - groovy2 2.2.2+dfsg-3+deb8u1
CVE-2015-3252
RESERVED
CVE-2015-3251
@@ -20583,7 +20584,7 @@
RESERVED
{DLA-265-2 DLA-265-1}
- pykerberos 1.1.5-1 (bug #796195)
- [jessie] - pykerberos <no-dsa> (Too intrusive, may be fixed through a stable proposed-update)
+ [jessie] - pykerberos 1.1.5-0.1+deb8u1
[wheezy] - pykerberos <no-dsa> (Too intrusive, may be fixed through a stable proposed-update)
NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the
NOTE: former.
@@ -24715,7 +24716,7 @@
RESERVED
CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is ...)
- swift 2.2.0-2 (bug #783163)
- [jessie] - swift <no-dsa> (Minor issue)
+ [jessie] - swift 2.2.0-1+deb8u1
[wheezy] - swift <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1430645
CVE-2015-1855 [OpenSSL extension hostname matching implementation violates RFC 6125]
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-01-23 14:32:35 UTC (rev 39103)
+++ data/next-point-update.txt 2016-01-23 14:44:57 UTC (rev 39104)
@@ -6,7 +6,6 @@
[jessie] - ansible 1.7.2+dfsg-2+deb8u1
CVE-2015-3253
[jessie] - groovy 1.8.6-4+deb8u1
- [jessie] - groovy2 2.2.2+dfsg-3+deb8u1
CVE-2015-5073
[jessie] - pcre3 2:8.35-3.3+deb8u1
CVE-2015-8388
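Review bot: after this removal CVE-2015-3253 keeps only "[jessie] - groovy 1.8.6-4+deb8u1" as pending, and the data/CVE/list hunk for groovy2 still shows "[jessie] - groovy <no-dsa>" as context. Since the log says these fixes were merged from Jessie 8.3, please confirm that the groovy upload really was not part of that point release; otherwise it should be moved in the same commit.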
@@ -21,38 +20,9 @@
[jessie] - pcre3 2:8.35-3.3+deb8u1
CVE-2015-2325
[jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-3206
- [jessie] - pykerberos 1.1.5-0.1+deb8u1
-CVE-2015-4715
- [jessie] - php-dropbox 1.0.0-3+deb8u1
-CVE-2015-5723
- [jessie] - doctrine 2.4.6-1+deb8u1
- [jessie] - php-doctrine-annotations 1.2.1-1+deb8u1
- [jessie] - php-doctrine-cache 1.3.1-1+deb8u1
- [jessie] - php-doctrine-common 2.4.2-2+deb8u1
CVE-2015-5741
[jessie] - golang 2:1.3.3-1+deb8u1
CVE-2015-5740
[jessie] - golang 2:1.3.3-1+deb8u1
CVE-2015-5739
[jessie] - golang 2:1.3.3-1+deb8u1
-CVE-2015-1856
- [jessie] - swift 2.2.0-1+deb8u1
-CVE-2015-5223
- [jessie] - swift 2.2.0-1+deb8u1
-CVE-2015-5950
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.128-1
-CVE-2015-8011 [lldpd: buffer overflow when handling management address TLV]
- [jessie] - lldpd 0.7.11-2+deb8u1
-CVE-2015-8012 [lldpd: asserts triggered by malformed packets]
- [jessie] - lldpd 0.7.11-2+deb8u1
-CVE-2015-8026 [Heap overflow]
- [jessie] - exfat-utils 1.1.0-2+deb8u1
- [jessie] - fuse-exfat 1.1.0-2+deb8u1
-CVE-2015-XXXX [Endlees loop issue]
- [jessie] - exfat-utils 1.1.0-2+deb8u1
- [jessie] - fuse-exfat 1.1.0-2+deb8u1
-CVE-2015-5262
- [jessie] - commons-httpclient 3.1-11+deb8u1
-CVE-2015-5251
- [jessie] - glance 2014.1.3-12+deb8u1
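Review bot: every entry removed here has a matching "[jessie]" fixed version added in data/CVE/list with the same version string, which is good. For CVE-2015-3206, CVE-2015-5723, CVE-2015-5950, CVE-2015-8011 and CVE-2015-5262, though, the corresponding data/CVE/list hunks do not include the CVE header in their context, so the diff alone cannot show that each line landed under the right CVE. Worth checking those five against the full file before relying on the tracker output.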