[Secure-testing-commits] r42255 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Jun 2 18:16:38 UTC 2016


Author: jmm
Date: 2016-06-02 18:16:38 +0000 (Thu, 02 Jun 2016)
New Revision: 42255

Modified:
   data/CVE/list
Log:
xen no-dsa
gdm3 n/a
drop old linux issue, turned out to be a non-issue
old unimportant apt issues fixed
old grub issue n/a (RH-specific)
mark alpine as n/a instead of unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-02 18:15:14 UTC (rev 42254)
+++ data/CVE/list	2016-06-02 18:16:38 UTC (rev 42255)
@@ -822,6 +822,7 @@
 CVE-2016-4963 [Unsanitised driver domain input in libxl device handling]
 	RESERVED
 	- xen <unfixed>
+	[jessie] - xen <no-dsa> (Minor issue, too intrusive to backport)
 	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
 CVE-2016-4962 [Unsanitised guest input in libxl device handling code]
 	RESERVED
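Review bot: The added [jessie] line covers CVE-2016-4963 only, while the next entry, CVE-2016-4962, is also a libxl device handling input-sanitisation issue and is not touched by this hunk. Its package lines are outside the visible context, so check whether the same "too intrusive to backport" reasoning applies to jessie there and tag it in the same commit if it does, so the two entries are not triaged differently.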
@@ -19318,6 +19319,7 @@
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
 CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
 	- gdm3 3.18.2-1
+	[jessie] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
 	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
 	[wheezy] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
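Review bot: Style point on the added [jessie] line: it has two spaces between gdm3 and <not-affected>, copied from the [wheezy] line, while the [squeeze] line uses one; use a single space. The reason also combines "Vulnerable code not present" with "unreproducible"; if the code is absent from the jessie version, the first reason is sufficient on its own and is the stronger statement.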
@@ -25270,8 +25272,7 @@
 	RESERVED
 	- foreman <itp> (bug #663101)
 CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
-	- grub2 <undetermined>
-	TODO: check, possibly Red Hat specific
+	- grub2 <not-affected> (SecureBoot not yet supported)
 CVE-2015-5280
 	REJECTED
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
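Review bot: The reason on the new grub2 line, "SecureBoot not yet supported", does not match the commit log, which calls the issue n/a because it is RH-specific, nor the CVE description, which scopes it to the grub2 package in RHEL. "Not yet" also implies the entry has to be revisited once SecureBoot support lands, and nothing in the entry flags that. If the flaw lives in Red Hat's packaging, say so in the reason; if it depends only on SecureBoot being enabled, keep a NOTE so the entry is rechecked when that changes.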
@@ -36391,8 +36392,7 @@
 	- efl <not-affected> (Only used when building on Windows, see #778414)
 	- ptlib <unfixed> (unimportant; bug #778404)
 	NOTE: ptlib uses the regex code from glibc, local fallback code not used
-	- alpine <unfixed> (unimportant; bug #778413)
-	NOTE: alpine uses the regex code from glibc, local fallback code not used
+	- alpine <not-affected> (alpine uses the regex code from glibc, local fallback code not used, bug #778413)
 	- vigor 0.016-24 (unimportant; bug #778409)
 	[wheezy] - vigor 0.016-19+deb7u1
 	- nvi <unfixed> (unimportant; bug #778412)
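Review bot: alpine is moved to <not-affected> on the grounds that it uses the glibc regex code and not the local fallback, but the ptlib entry two lines above carries the identical justification in its NOTE and stays at <unfixed> (unimportant). Either both are not affected or neither is; update ptlib in the same commit or explain the difference. Separately, the bug reference moved from the "(unimportant; bug #778413)" form to the end of a free-text reason; confirm it is still picked up as a bug link in that position.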
@@ -94428,7 +94428,7 @@
 CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
-	- apt <unfixed> (unimportant)
+	- apt 0.7.25 (unimportant)
 	NOTE: net-update is disabled by default on Debian
 CVE-2012-3586
 	RESERVED
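Review bot: The fixed version on the changed apt line is 0.7.25, but the description covers two branches, "0.7.x before 0.7.25 and 0.8.x before 0.8.16". Since 0.8.0 through 0.8.15 sort above 0.7.25, recording 0.7.25 marks those affected 0.8.x versions as fixed. The severity is unimportant either way, but 0.8.16 would be the version that is correct for both branches, unless no affected 0.8.x upload ever reached the archive, in which case a NOTE saying so would help.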
@@ -101125,7 +101125,7 @@
 CVE-2012-0955
 	RESERVED
 CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
-	- apt <unfixed> (unimportant)
+	- apt 0.7.25 (unimportant)
 	NOTE: net-update is not enabled by default in Debian
 CVE-2012-0953
 	RESERVED
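Review bot: As written, the new line "- apt 0.7.25 (unimportant)" treats every version from 0.7.25 upward as fixed, while the CVE-2012-0954 description also lists 0.8.x before 0.8.16 as affected. Those versions compare greater than 0.7.25, so the tracker would report them as fixed. Consider 0.8.16 as the fixed version here.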
@@ -155704,8 +155704,6 @@
 	NOT-FOR-US: Skype
 CVE-2008-2544
 	RESERVED
-	- linux <undetermined>
-	TODO: check
 CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
 	- asterisk-addons 1.4.7-1 (bug #484796)
 CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...)
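Review bot: Dropping the linux lines from CVE-2008-2544 leaves a bare RESERVED entry with no trace of the earlier triage. The log says it turned out to be a non-issue, but that reasoning lives only in the commit message. A short NOTE in the entry, or a "- linux <not-affected>" line with the reason, would stop the id from being picked up and re-investigated later.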



