[Secure-testing-commits] r39387 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Jan 31 21:10:12 UTC 2016


Author: sectracker
Date: 2016-01-31 21:10:11 +0000 (Sun, 31 Jan 2016)
New Revision: 39387

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-31 19:43:26 UTC (rev 39386)
+++ data/CVE/list	2016-01-31 21:10:11 UTC (rev 39387)
@@ -1121,6 +1121,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
 CVE-2015-8771 [Possibility of code injection when setting passwords for Samba]
 	RESERVED
+	{DLA-408-1}
 	- gosa 2.7.4+reloaded2-6
 	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
 CVE-2015-8770 [remote code execution / path traversal]
@@ -3974,7 +3975,7 @@
 	RESERVED
 CVE-2016-0756 [insecure dialback key generation/validation algorithm]
 	RESERVED
-	{DLA-407-1}
+	{DSA-3463-1 DLA-407-1}
 	- prosody 0.9.10-1
 	NOTE: http://blog.prosody.im/prosody-0-9-10-released/
 	NOTE: https://prosody.im/security/advisory_20160127/
@@ -3991,6 +3992,7 @@
 	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
 CVE-2016-0753 [Possible Input Validation Circumvention in Active Model]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
@@ -4003,6 +4005,7 @@
 	TODO: check
 CVE-2016-0752 [Possible Information Leak Vulnerability in Action View]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
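Review bot: The `TODO: check` context line at the top of this hunk stays open on the entry just above CVE-2016-0752 while DSA-3464-1 is being attached to the rails entries around it. If that check was done while preparing the advisory, resolve the TODO in the same pass; if not, replace it with a note saying what still has to be verified.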
@@ -4011,6 +4014,7 @@
 	TODO: check
 CVE-2016-0751 [Possible Object Leak and Denial of Service attack in Action Pack]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
@@ -7538,7 +7542,7 @@
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
 	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
 	NOTE: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
-        NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
+	NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
 CVE-2015-7975 [nextvar() missing length check]
 	RESERVED
 	- ntp <unfixed>
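Review bot: The log message "automatic update" does not cover the indentation fix on the `NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61` line, where leading spaces are swapped for a tab; this is unrelated to the DSA/DLA cross-references in the rest of the revision. Commit whitespace fixes separately with their own log entry, or add a check that rejects space-indented lines in data/CVE/list so they are caught before they land.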
@@ -8795,6 +8799,7 @@
 	RESERVED
 CVE-2015-7581 [Object leak vulnerability for wildcard controller routes in Action Pack]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
@@ -8812,6 +8817,7 @@
 	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
 CVE-2015-7577 [Nested attributes rejection proc bypass in Active Record]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
@@ -8820,6 +8826,7 @@
 	TODO: check
 CVE-2015-7576 [Timing attack vulnerability in basic authentication in Action Controller]
 	RESERVED
+	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
 	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
@@ -20961,6 +20968,7 @@
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
 	NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776
 CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...)
+	{DSA-3464-1}
 	- rails <unfixed> (bug #790487)
 	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
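Review bot: CVE-2015-3227 now references DSA-3464-1, but its unstable line still reads `- rails <unfixed> (bug #790487)`. The other rails entries tagged with DSA-3464-1 in this revision record `- rails 2:4.2.5.1-1`; check whether that upload also addresses this CVE and, if it does, replace `<unfixed>` with the fixed version so the entry does not show an advisory alongside an open unstable status.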
@@ -20968,6 +20976,7 @@
 	- ruby-activesupport-2.3 <removed>
 	[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
 CVE-2015-3226 (Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...)
+	{DSA-3464-1}
 	- rails <unfixed> (bug #790486)
 	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
 	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
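Review bot: The unstable line for CVE-2015-3226, `- rails <unfixed> (bug #790486)`, is left as is while `{DSA-3464-1}` is added above it. Confirm the status of bug #790486 and record a fixed version here if one exists.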



