[Secure-testing-commits] r39213 - in data: . CVE

Guido Guenther agx at moszumanska.debian.org
Tue Jan 26 20:51:41 UTC 2016 

Author: agx
Date: 2016-01-26 20:51:41 +0000 (Tue, 26 Jan 2016)
New Revision: 39213

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
nginx in squeeze affected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-26 20:51:32 UTC (rev 39212)
+++ data/CVE/list	2016-01-26 20:51:41 UTC (rev 39213)
@@ -3824,24 +3824,29 @@
 	RESERVED
 CVE-2016-0748
 	RESERVED
-CVE-2016-0747
+CVE-2016-0747 [CNAME resolution was insufficiently limited]
 	RESERVED
 	- nginx 1.9.10-1 (bug #812806)
 	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
-CVE-2016-0746
+	NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024
+	NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f
+CVE-2016-0746 [Use-after-free condition might occur during CNAME response processing]
 	RESERVED
 	- nginx 1.9.10-1 (bug #812806)
 	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
+	NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f
+	NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806
 CVE-2016-0745
 	RESERVED
 CVE-2016-0744
 	RESERVED
 CVE-2016-0743
 	RESERVED
-CVE-2016-0742
+CVE-2016-0742 [Invalid pointer dereference might occur during DNS server response processing]
 	RESERVED
 	- nginx 1.9.10-1 (bug #812806)
 	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
+	NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3
 CVE-2016-0741
 	RESERVED
 CVE-2016-0740

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-01-26 20:51:32 UTC (rev 39212)
+++ data/dla-needed.txt	2016-01-26 20:51:41 UTC (rev 39213)
@@ -44,6 +44,8 @@
 --
 mysql-5.5 (Santiago R.R.)
 --
+nginx
+--
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
   NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html

More information about the Secure-testing-commits mailing list