[Secure-testing-commits] r42305 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 4 14:26:17 UTC 2016
Author: carnil
Date: 2016-06-04 14:26:17 +0000 (Sat, 04 Jun 2016)
New Revision: 42305
Modified:
data/CVE/list
Log:
Add first batch of fixes from jessie point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-04 14:18:42 UTC (rev 42304)
+++ data/CVE/list 2016-06-04 14:26:17 UTC (rev 42305)
@@ -3629,7 +3629,7 @@
NOT-FOR-US: SAP
CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
- zendframework 1.12.18+dfsg-1
- [jessie] - zendframework <no-dsa> (Minor issue)
+ [jessie] - zendframework 1.12.9+dfsg-2+deb8u6
[wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2016-01
CVE-2016-4013
@@ -3791,7 +3791,7 @@
CVE-2016-3995 [Timing Attack Counter Measure AES]
RESERVED
- libcrypto++ 5.6.3-6
- [jessie] - libcrypto++ <no-dsa> (Minor issue)
+ [jessie] - libcrypto++ 5.6.1-6+deb8u2
[wheezy] - libcrypto++ <no-dsa> (Minor issue)
NOTE: https://github.com/weidai11/cryptopp/issues/146
NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
@@ -19780,7 +19780,7 @@
NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before ...)
- cyrus-imapd-2.4 2.4.17+nocaldav-2
- [jessie] - cyrus-imapd-2.4 <no-dsa> (Will be fixed via a jessie-pu)
+ [jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
[wheezy] - cyrus-imapd-2.4 <no-dsa> (Minor issue; can be fixed alone in a future DLA)
NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
@@ -31317,8 +31317,8 @@
CVE-2015-3253 (The MethodClosure class in runtime/MethodClosure.java in Apache Groovy ...)
{DLA-274-1}
- groovy <unfixed> (bug #793397)
+ [jessie] - groovy 1.8.6-4+deb8u1
[wheezy] - groovy <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
- [jessie] - groovy <no-dsa> (Minor impact given the rdeps, will be fixed in a point update)
- groovy2 2.2.2+dfsg-5 (bug #793398)
[jessie] - groovy2 2.2.2+dfsg-3+deb8u1
CVE-2015-3252 (Apache CloudStack before 4.5.2 does not properly preserve VNC ...)
@@ -37437,7 +37437,7 @@
[squeeze] - xchat-gnome <no-dsa> (Minor issue)
[wheezy] - xchat-gnome <no-dsa> (Minor issue)
- hexchat 2.10.2-1 (bug #818009)
- [jessie] - hexchat <no-dsa> (Minor issue)
+ [jessie] - hexchat 2.10.1-1+deb8u1
NOTE: https://github.com/hexchat/hexchat/issues/524
NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d (v2.12.0)
NOTE: https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 (v2.10.2)
More information about the Secure-testing-commits
mailing list