[Secure-testing-commits] r42306 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jun 4 14:33:58 UTC 2016
Author: carnil
Date: 2016-06-04 14:33:51 +0000 (Sat, 04 Jun 2016)
New Revision: 42306
Modified:
data/CVE/list
Log:
Second batch of issues fixed via jessie point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-04 14:26:17 UTC (rev 42305)
+++ data/CVE/list 2016-06-04 14:33:51 UTC (rev 42306)
@@ -1993,7 +1993,7 @@
RESERVED
{DLA-470-1}
- libksba 1.3.4-3
- [jessie] - libksba <no-dsa> (Minor issue)
+ [jessie] - libksba 1.3.2-1+deb8u1
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
CVE-2016-4572
RESERVED
@@ -10788,7 +10788,7 @@
RESERVED
{DLA-408-1}
- gosa 2.7.4+reloaded2-6
- [jessie] - gosa <no-dsa> (Will be fixed via jessie point release)
+ [jessie] - gosa 2.7.4+reloaded2-1+deb8u2
NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...)
{DSA-3541-1 DLA-392-1}
@@ -11366,7 +11366,7 @@
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
{DLA-414-1}
- chrony 2.2.1-1 (low; bug #812923)
- [jessie] - chrony <no-dsa> (Minor issue)
+ [jessie] - chrony 1.30-2+deb8u2
[wheezy] - chrony <no-dsa> (Minor issue)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/
NOTE: http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
@@ -25692,11 +25692,11 @@
RESERVED
CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
- icedtea-web 1.6.1-1 (bug #798467)
- [jessie] - icedtea-web <no-dsa> (Minor issue)
+ [jessie] - icedtea-web 1.5.3-1
[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
- icedtea-web 1.6.1-1 (bug #798467)
- [jessie] - icedtea-web <no-dsa> (Minor issue)
+ [jessie] - icedtea-web 1.5.3-1
[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply ...)
- foreman <itp> (bug #663101)
@@ -28551,7 +28551,7 @@
CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in ...)
[experimental] - policykit-1 0.113-1
- policykit-1 0.105-12 (low; bug #796134)
- [jessie] - policykit-1 <no-dsa> (Minor issue)
+ [jessie] - policykit-1 0.105-15~deb8u1
[wheezy] - policykit-1 <no-dsa> (Minor issue)
[squeeze] - policykit-1 <no-dsa> (Minor issue)
NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
@@ -31308,7 +31308,7 @@
CVE-2015-3255 (The polkit_backend_action_pool_init function in ...)
[experimental] - policykit-1 0.113-1
- policykit-1 0.105-12 (bug #796134)
- [jessie] - policykit-1 <no-dsa> (Minor issue)
+ [jessie] - policykit-1 0.105-15~deb8u1
[wheezy] - policykit-1 <no-dsa> (Minor issue)
[squeeze] - policykit-1 <no-dsa> (Minor issue)
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f
@@ -31495,7 +31495,7 @@
CVE-2015-3218 (The authentication_agent_new function in ...)
[experimental] - policykit-1 0.113-1
- policykit-1 0.105-11 (bug #787932)
- [jessie] - policykit-1 <no-dsa> (Minor issue)
+ [jessie] - policykit-1 0.105-15~deb8u1
[wheezy] - policykit-1 <no-dsa> (Minor issue)
[squeeze] - policykit-1 <not-affected> (Vulnerable code introduced later)
NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
@@ -32154,36 +32154,36 @@
CVE-2016-4353 [denial of service due to stack overflow in src/ber-decoder.c]
RESERVED
- libksba 1.3.3-1 (low)
+ [jessie] - libksba 1.3.2-1+deb8u1
+ [wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- [wheezy] - libksba <no-dsa> (Minor issue)
- [jessie] - libksba <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355
RESERVED
- libksba 1.3.3-1 (low)
+ [jessie] - libksba 1.3.2-1+deb8u1
+ [wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- [wheezy] - libksba <no-dsa> (Minor issue)
- [jessie] - libksba <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354
RESERVED
- libksba 1.3.3-1 (low)
+ [jessie] - libksba 1.3.2-1+deb8u1
+ [wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- [wheezy] - libksba <no-dsa> (Minor issue)
- [jessie] - libksba <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356
RESERVED
- libksba 1.3.3-1 (low)
+ [jessie] - libksba 1.3.2-1+deb8u1
+ [wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- [wheezy] - libksba <no-dsa> (Minor issue)
- [jessie] - libksba <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
More information about the Secure-testing-commits
mailing list