[Secure-testing-commits] r42391 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jun 8 06:10:25 UTC 2016 

Author: jmm
Date: 2016-06-08 06:10:25 +0000 (Wed, 08 Jun 2016)
New Revision: 42391

Modified:
   data/CVE/list
Log:
new firefox issues
drop pycurl entry, no evidence of being exploitable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-08 06:04:14 UTC (rev 42390)
+++ data/CVE/list	2016-06-08 06:10:25 UTC (rev 42391)
@@ -7006,32 +7006,55 @@
 	RESERVED
 CVE-2016-2834
 	RESERVED
+	- nss <unfixed>
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2833
 	RESERVED
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2832
 	RESERVED
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2831
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2830
 	RESERVED
 CVE-2016-2829
 	RESERVED
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2828
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2827
 	RESERVED
 CVE-2016-2826
 	RESERVED
+	- firefox-esr <not-affected> (Only affects Windows)
+	- firefox <not-affected> (Only affects Windows)
 CVE-2016-2825
 	RESERVED
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2824
 	RESERVED
+	- firefox-esr <not-affected> (Only affects Windows)
+	- firefox <not-affected> (Only affects Windows)
 CVE-2016-2823
 	RESERVED
 CVE-2016-2822
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2821
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...)
 	- iceweasel <not-affected> (Only Firefox 46)
 	- firefox-esr <not-affected> (Only Firefox 46)
@@ -7039,8 +7062,12 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
 CVE-2016-2819
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2818
 	RESERVED
+	- firefox-esr <unfixed>
+	- firefox <unfixed>
 CVE-2016-2817 (The WebExtension sandbox feature in ...)
 	- iceweasel <not-affected> (Only Firefox 46)
 	- firefox-esr <not-affected> (Only Firefox 46)
@@ -7053,6 +7080,8 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
 CVE-2016-2815
 	RESERVED
+	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
+	- firefox <unfixed>
 CVE-2016-2814 (Heap-based buffer overflow in the ...)
 	{DSA-3559-1}
 	- iceweasel <removed>
@@ -17933,13 +17962,6 @@
 	RESERVED
 CVE-2014-9754
 	RESERVED
-CVE-2015-XXXX [use afer free]
-	- pycurl <unfixed>
-	[wheezy] - pycurl <not-affected> (Vulnerable code introduced later)
-	[squeeze] - pycurl <not-affected> (Vulnerable code introduced later)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/03/4
-	NOTE: Upstream commit: https://github.com/pycurl/pycurl/commit/602f8e364634d386524f0396e962c2c9de0536a9
-	NOTE: support for BUFFER and BUFFERPTR form parameters added with https://github.com/clintclayton/pycurl/commit/642f87afc14fc79c202c3b10b95ad35e97aa8615
 CVE-2015-8075
 	REJECTED
 CVE-2015-8033

More information about the Secure-testing-commits mailing list