[Secure-testing-commits] r42577 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Jun 16 17:58:37 UTC 2016 

Author: jmm
Date: 2016-06-16 17:58:37 +0000 (Thu, 16 Jun 2016)
New Revision: 42577

Modified:
   data/CVE/list
Log:
bug filed for kinit
icedove fixed (version in sid uses system nss anyway)
clamav fixed (mentioned in Cisco document)
one linux issue RH-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-16 17:56:29 UTC (rev 42576)
+++ data/CVE/list	2016-06-16 17:58:37 UTC (rev 42577)
@@ -6525,7 +6525,7 @@
 	- jenkins <removed>
 CVE-2016-3100
 	RESERVED
-	- kinit <unfixed>
+	- kinit <unfixed> (bug #827476)
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
 	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
@@ -10491,7 +10491,7 @@
 	- firefox 45.0-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
-	- icedove <unfixed>
+	- icedove 38.8.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
 	- nss 2:3.21-1
 	TODO: check if really fixed already in 3.21 upstream or only in 3.21.1
@@ -12484,8 +12484,7 @@
 CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
 	NOT-FOR-US: Cisco
 CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...)
-	- clamav <undetermined>
-	TODO: check if Cisco usage specific
+	- clamav 0.99+dfsg-1
 CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
 	NOT-FOR-US: Cisco
 CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
@@ -46386,9 +46385,7 @@
 	RESERVED
 CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
 	RESERVED
-	- linux <undetermined>
-	NOTE: Claimed to be specific to RHEL-7 kernels and not affecting upstream
-	TODO: check
+	- linux <not-affected> (Specific to RHEL 7)
 CVE-2014-8180
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite

More information about the Secure-testing-commits mailing list