[Secure-testing-commits] r42852 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jun 28 17:44:56 UTC 2016
Author: jmm
Date: 2016-06-28 17:44:56 +0000 (Tue, 28 Jun 2016)
New Revision: 42852
Modified:
data/CVE/list
Log:
iperf, mat, libjgroups-java no-dsa
new libreoffice issue
nodejs unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-28 15:48:59 UTC (rev 42851)
+++ data/CVE/list 2016-06-28 17:44:56 UTC (rev 42852)
@@ -1942,6 +1942,7 @@
- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
- mat <unfixed> (bug #826101)
+ [jessie] - mat <no-dsa> (Documented short-coming, can possibly be fixed by migrating to new upstream release)
NOTE: https://labs.riseup.net/code/issues/11067
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 [ImageMagick, GraphicsMagick: Gnuplot delegate vulnerability allowing command injection]
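Review bot: The justification on the added `[jessie] - mat <no-dsa>` line is vague: "can possibly be fixed by migrating to new upstream release" names no release, so a later reader cannot tell which version would close the issue. Suggest naming the upstream version or pointing at the riseup issue already listed in the NOTE below it, and writing "shortcoming" as one word.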
@@ -4775,6 +4776,8 @@
NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324
RESERVED
+ - libreoffice <unfixed>
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
CVE-2016-4323 [MXIT Splash Image Arbitrary File Overwrite Vulnerability]
RESERVED
- pidgin 2.11.0-1
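Review bot: The added `- libreoffice <unfixed>` line under CVE-2016-4324 carries no bug reference, unlike the mat and iperf3 entries elsewhere in this patch, which cite bug #826101 and bug #827116. Suggest adding the BTS bug number once one exists, and checking the linked advisory for a fixed upstream version so the entry can record it instead of a bare `<unfixed>`.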
@@ -4822,6 +4825,7 @@
CVE-2016-4303 [JSON parsing vulnerability]
RESERVED
- iperf3 3.1.3-1 (bug #827116)
+ [jessie] - iperf3 <no-dsa> (Minor issue)
NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/
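Review bot: "Minor issue" on the added `[jessie] - iperf3 <no-dsa>` line gives no reasoning, although the entry links an upstream advisory, a fix commit and a Talos report for a JSON parsing vulnerability. Suggest a short rationale in the parentheses saying why the impact is considered limited in jessie, so the triage decision can be revisited later.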
@@ -11269,7 +11273,8 @@
NOT-FOR-US: OpenShift
CVE-2016-2141
RESERVED
- - libjgroups-java <unfixed>
+ - libjgroups-java <unfixed> (low)
+ [jessie] - libjgroups-java <no-dsa> (Minor issue)
CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) ...)
- nova <unfixed>
[wheezy] - nova <no-dsa> (Minor issue)
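Review bot: The `(low)` urgency and the `[jessie] ... <no-dsa> (Minor issue)` line for libjgroups-java cannot be checked from the entry itself, because CVE-2016-2141 is still RESERVED here with no description and no NOTE. Suggest adding a NOTE with the upstream reference or bug number that the severity assessment is based on.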
@@ -13094,7 +13099,7 @@
- chromium-browser 51.0.2704.63-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libv8 <unfixed> (unimportant)
- - nodejs 4.4.6~dfsg-1
+ - nodejs 4.4.6~dfsg-1 (unimportant)
NOTE: libv8 not covered by security support
CVE-2016-1668 (The forEachForBinding function in ...)
{DSA-3590-1}
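Review bot: The `(unimportant)` tag added to `- nodejs 4.4.6~dfsg-1` has no stated reason; the only NOTE in the entry, "libv8 not covered by security support", explains the libv8 line and does not mention nodejs. Suggest extending that NOTE or adding a second one that says why the issue is unimportant for nodejs as well.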
@@ -192596,7 +192601,7 @@
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
- - xview <unfixed> (unimportant)
+ - xview <not-affected> (xview on Solaris)
NOTE: Is only relevant for suid binaries, but xview is not really suitable for
NOTE: those anyway. Exact information is not available, but a similar problem
NOTE: is already fixed in the Debian package.
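Review bot: The new `- xview <not-affected> (xview on Solaris)` status sits awkwardly with the three NOTE lines kept below it, which argue relevance only for suid binaries and say "a similar problem is already fixed in the Debian package", reasoning that fits the old `<unfixed> (unimportant)` state rather than a Solaris-only issue. Suggest updating or dropping those NOTE lines to match, and mentioning the xview change in the commit log, which currently lists only iperf, mat, libjgroups-java, libreoffice and nodejs.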