[Secure-testing-commits] r42231 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 2 04:26:00 UTC 2016
Author: carnil
Date: 2016-06-02 04:26:00 +0000 (Thu, 02 Jun 2016)
New Revision: 42231
Modified:
data/CVE/list
Log:
Add fixed version information for libxml2 in unstable upload
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-02 04:20:20 UTC (rev 42230)
+++ data/CVE/list 2016-06-02 04:26:00 UTC (rev 42231)
@@ -2200,7 +2200,7 @@
[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
CVE-2016-4449
RESERVED
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
CVE-2016-4448
@@ -2214,7 +2214,7 @@
TODO: check versions, applying the two commits quite intrusive
CVE-2016-4447
RESERVED
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
CVE-2016-4446
@@ -2320,7 +2320,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
CVE-2016-4483
RESERVED
- - libxml2 <unfixed> (bug #823405)
+ - libxml2 2.9.3+dfsg1-1.1 (bug #823405)
[jessie] - libxml2 <no-dsa> (Minor issue, only when using libxml2 using recovery mode)
[wheezy] - libxml2 <no-dsa> (Minor issue, only when using libxml2 using recovery mode)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4)
@@ -4263,7 +4263,7 @@
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...)
- - libxml2 <unfixed> (bug #823414)
+ - libxml2 2.9.3+dfsg1-1.1 (bug #823414)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
CVE-2016-3704
@@ -4571,7 +4571,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...)
- - libxml2 <unfixed> (bug #819006)
+ - libxml2 2.9.3+dfsg1-1.1 (bug #819006)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
@@ -9030,7 +9030,7 @@
CVE-2016-2093
RESERVED
CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
- - libxml2 <unfixed> (bug #813613)
+ - libxml2 2.9.3+dfsg1-1.1 (bug #813613)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
NOTE: Same fix as CVE-2016-1839 seems to resolve the issue
CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...)
@@ -9279,7 +9279,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...)
- - libxml2 <unfixed> (bug #812807)
+ - libxml2 2.9.3+dfsg1-1.1 (bug #812807)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
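Review bot: in the CVE-2016-2073 entry the fix is identified only by cross-reference ("Same fix as CVE-2016-1839 and CVE-2015-8806"), with no upstream commit URL of its own. Adding a NOTE with the commit directly under this CVE would let the new fixed version be checked without chasing two other entries, one of which itself only says the fix "seems to" resolve the issue.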
@@ -10155,40 +10155,40 @@
- libxslt <undetermined>
TODO: check, most likely *not* only Apple specific
CVE-2016-1840 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
CVE-2016-1839 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
CVE-2016-1838 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
CVE-2016-1837 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
CVE-2016-1836 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
[wheezy] - libxml2 <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
CVE-2016-1834 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606
CVE-2016-1832 (libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
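Review bot: for CVE-2016-1836 the jessie status is recorded only in free text ("Regression applies to Jessie, since fix backported as 0007-..."), while wheezy has an explicit "[wheezy] - libxml2 <not-affected>" line. Now that the unstable line carries a fixed version, it is worth checking whether jessie should get its own release-specific line so that its state does not depend on someone reading the NOTE.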
@@ -10332,7 +10332,7 @@
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...)
TODO: check
CVE-2016-1762 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before ...)
- - libxml2 <unfixed>
+ - libxml2 2.9.3+dfsg1-1.1
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
TODO: check versions, upstream bug not yet public open but referenced in commit
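Review bot: the CVE-2016-1762 entry now states a fixed version, but the trailing "TODO: check versions, upstream bug not yet public open but referenced in commit" is left in place, so the entry reads as both resolved and unverified. Either drop the TODO if the version has been checked for this upload, or narrow it to what is still open. The commit NOTE here also lacks the release tag that the other libxml2 entries in this change carry as "(v2.9.4)".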