[Secure-testing-commits] r43204 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Thu Jul 14 22:27:07 UTC 2016 

Author: benh
Date: 2016-07-14 22:27:07 +0000 (Thu, 14 Jul 2016)
New Revision: 43204

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-14 21:10:11 UTC (rev 43203)
+++ data/CVE/list	2016-07-14 22:27:07 UTC (rev 43204)
@@ -100,12 +100,14 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/07/13/11
 CVE-2016-6224 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive]
 	- ecryptfs-utils <unfixed>
+	[wheezy] - ecryptfs-utils <not-affected> (Broken code not present)
 	NOTE: Actually due to an incomplete fix of LP#1447282
 	NOTE: https://launchpad.net/bugs/1597154
 	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8946 [ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning]
 	- ecryptfs-utils <unfixed>
+	[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
 	NOTE: https://launchpad.net/bugs/1447282
 	NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
 	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
@@ -135,7 +137,8 @@
 CVE-2016-XXXX [Insecure use of /tmp]
 	- leptonlib <unfixed> (bug #830660)
 	[jessie] - leptonlib <no-dsa> (Minor issue)
-	NOTE: Not exploitable with kernel hardening since jessie
+	[wheezy] - leptonlib <no-dsa> (Minor issue)
+	NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2016-6198
 	RESERVED
 	- linux 4.5.5-1
@@ -3577,6 +3580,7 @@
 	RESERVED
 	- util-linux <unfixed> (bug #830802)
 	[jessie] - util-linux <no-dsa> (Minor issue)
+	[wheezy] - util-linux <no-dsa> (Minor issue)
 	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
 	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
 CVE-2016-5010

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-07-14 21:10:11 UTC (rev 43203)
+++ data/dla-needed.txt	2016-07-14 22:27:07 UTC (rev 43204)
@@ -24,6 +24,8 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
+drupal7
+--
 extplorer
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
@@ -32,6 +34,8 @@
 --
 gdb
 --
+gdk-pixbuf
+--
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)

More information about the Secure-testing-commits mailing list