[Secure-testing-commits] r42334 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Mon Jun 6 00:31:38 UTC 2016


Author: benh
Date: 2016-06-06 00:31:38 +0000 (Mon, 06 Jun 2016)
New Revision: 42334

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-05 21:10:14 UTC (rev 42333)
+++ data/CVE/list	2016-06-06 00:31:38 UTC (rev 42334)
@@ -29,10 +29,12 @@
 CVE-2016-5241
 	RESERVED
 	- graphicsmagick 1.3.24-1
+	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
 CVE-2016-5240
 	RESERVED
 	- graphicsmagick 1.3.24-1
+	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
 	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
 CVE-2016-5237
 	RESERVED
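Review bot: the two added `[wheezy] - graphicsmagick <no-dsa> (Minor issue)` lines under CVE-2016-5241 and CVE-2016-5240 give no reason for the "minor" rating, and both entries are still RESERVED with no bracketed description. Consider adding a NOTE to each that states the impact, taken from the linked upstream changeset, so the no-dsa decision can be checked later without re-reading the fix.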
@@ -661,6 +663,7 @@
 CVE-2016-5108 [crash and potential code execution when processing QuickTime IMA files]
 	RESERVED
 	- vlc 2.2.3-2 (bug #825728)
+	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
 	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
 CVE-2016-5090

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-06-05 21:10:14 UTC (rev 42333)
+++ data/dla-needed.txt	2016-06-06 00:31:38 UTC (rev 42334)
@@ -20,6 +20,8 @@
 --
 dhcpcd5 (Ola Lundqvist)
 --
+expat
+--
 extplorer
   NOTE: 20160529, no fix yet
 --
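Review bot: the added `expat` entry carries no NOTE, and the same is true of imagemagick, libtorrent-rasterbar, mat, mysql-connector-java, qemu and qemu-kvm in the hunks that follow, so nothing in this file says which issue put each package on the list. A one-line NOTE naming the CVE(s) behind each addition would let whoever claims the package start without searching data/CVE/list.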
@@ -30,6 +32,8 @@
 icu (Roberto C. Sánchez)
   NOTE: check comments on CVE-2016-0494 as well
 --
+imagemagick
+--
 libjackson-json-java
 --
 libpdfbox-java (Markus Koschany)
@@ -38,6 +42,8 @@
   The JSON/JaF doesn't appear to be present in wheezy but the
   content-disposition stuff might be.
 --
+libtorrent-rasterbar
+--
 libxslt (Emilio Pozuelo)
 --
 libxstream-java (Markus Koschany)
@@ -47,19 +53,33 @@
 --
 linux
 --
+mat
+--
 mxml
 --
+mysql-connector-java
+--
 nss (Ola Lundqvist)
 --
 ntp (Santiago R.R.)
   NOTE: maintainer would like help working on the updates but will handle the updates himself
   NOTE: 20160518175636.GA29165 at roeckx.be
 --
+openssl
+  NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
+  NOTE: because the wheezy version is completely missing the checks being
+  NOTE: fixed!  Those checks should probably be added by cherry-picking
+  NOTE: additional upstream changes.
+--
 p7zip (Brian May)
   NOTE: CPP/7zip/Archive/Udf/UdfIn.cpp line 261?
 --
 php5 (Thorsten Alteholz)
 --
+qemu
+--
+qemu-kvm
+--
 quagga
   NOTE: see dsa-needed's notes.
   NOTE: Maintainer's answer: https://lists.debian.org/msgid-search/878tzv6pru.fsf@mid.deneb.enyo.de
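Review bot: the added openssl NOTE says the missing checks "should probably be added by cherry-picking additional upstream changes" for CVE-2016-2177 but does not identify those changes. Naming the upstream commits that introduced the checks, or stating that they have not been identified yet, would save the eventual claimant from repeating this analysis. In the same hunk, `qemu` and `qemu-kvm` are added as separate unclaimed entries; if they are listed for the same issues, a NOTE cross-referencing the two would help keep the updates coordinated.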



