[Secure-testing-commits] r43169 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 13 15:07:14 UTC 2016
Author: jmm
Date: 2016-07-13 15:07:13 +0000 (Wed, 13 Jul 2016)
New Revision: 43169
Modified:
data/CVE/list
Log:
NFUs
update systemd entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-13 14:50:46 UTC (rev 43168)
+++ data/CVE/list 2016-07-13 15:07:13 UTC (rev 43169)
@@ -2709,7 +2709,7 @@
CVE-2016-5235
RESERVED
CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before ...)
- - linux <not-affected>
+ - linux <not-affected> (Vulnerable code never present, introduced and fixed in 3.16 development cycle)
NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1)
NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1)
CVE-2014-9804 [Avoid a DOS in vision.c due to an infinite loop]
@@ -6791,19 +6791,19 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions ...)
- - systemd 215-4
+ - systemd 215-1
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214)
CVE-2015-8842 (tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions ...)
- - systemd 229-1 (bug #825059)
- [jessie] - systemd <no-dsa> (Minor issue, persistent journal not enabled by default, README.Debian documents Debian way under Jessie)
+ - systemd 215-1 (bug #825059)
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
- NOTE: Fixed by (for current persistent journal): https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f (v229)
- NOTE: For jessie this is not an issue in practice, see discussion in #825059
+ NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as
+ NOTE: https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals
+ NOTE: is not needed for the packaged version. Anyone using a custom config needs to ensure proper permissions
CVE-2016-7921
REJECTED
CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in ...)
More information about the Secure-testing-commits
mailing list