[Secure-testing-commits] r42352 - in data: CVE DLA DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jun 6 16:19:27 UTC 2016 

Author: carnil
Date: 2016-06-06 16:19:27 +0000 (Mon, 06 Jun 2016)
New Revision: 42352

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
Log:
CVE-2016-4347 rejected

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-06 14:19:25 UTC (rev 42351)
+++ data/CVE/list	2016-06-06 16:19:27 UTC (rev 42352)
@@ -8480,11 +8480,6 @@
 	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
 CVE-2016-4347
 	RESERVED
-	{DSA-3584-1 DLA-477-1}
-	- librsvg 2.40.12-1
-	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
-	NOTE: Gustavo Grieco confirmed that this is probably the same issue as CVE-2015-7558
-	NOTE: Possibly CVE-2016-4347 will/should be rejected or still be used.
 CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in ...)
 	- php7.0 7.0.4-1
 	- php5 <undetermined>

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-06-06 14:19:25 UTC (rev 42351)
+++ data/DLA/list	2016-06-06 16:19:27 UTC (rev 42352)
@@ -84,7 +84,7 @@
 	{CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556}
 	[wheezy] - squid3 3.1.20-2.2+deb7u5
 [16 May 2016] DLA-477-1 librsvg - security update
-	{CVE-2015-7558 CVE-2016-4347 CVE-2016-4348}
+	{CVE-2015-7558 CVE-2016-4348}
 	[wheezy] - librsvg 2.36.1-2+deb7u2
 [16 May 2016] DLA-476-1 libidn - security update
 	{CVE-2015-2059}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-06-06 14:19:25 UTC (rev 42351)
+++ data/DSA/list	2016-06-06 16:19:27 UTC (rev 42352)
@@ -34,7 +34,7 @@
 	{CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085}
 	[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u6
 [19 May 2016] DSA-3584-1 librsvg - security update
-	{CVE-2015-7558 CVE-2016-4347 CVE-2016-4348}
+	{CVE-2015-7558 CVE-2016-4348}
 	[jessie] - librsvg 2.40.5-1+deb8u2
 [18 May 2016] DSA-3583-1 swift-plugin-s3 - security update
 	{CVE-2015-8466}

More information about the Secure-testing-commits mailing list