[Secure-testing-commits] r40150 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Mar 3 20:28:45 UTC 2016 

Author: jmm
Date: 2016-03-03 20:28:45 +0000 (Thu, 03 Mar 2016)
New Revision: 40150

Modified:
   data/CVE/list
Log:
glibc no-dsa
remove one libav no-dsa entry, will be fixed along with next update
pitivi no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-03 20:27:16 UTC (rev 40149)
+++ data/CVE/list	2016-03-03 20:28:45 UTC (rev 40150)
@@ -5003,6 +5003,8 @@
 	RESERVED
 	{DLA-411-1}
 	- glibc <unfixed> (bug #813187)
+	[jessie] - glibc <no-dsa> (Minor issue)
+	[wheezy] - glibc <no-dsa> (Minor issue)
 	- eglibc <removed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
@@ -11898,6 +11900,7 @@
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
 	NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
 	NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2
+	TODO: Check whether applies to wheezy/jessie
 CVE-2015-7495
 	RESERVED
 CVE-2015-7494
@@ -17146,9 +17149,9 @@
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <removed> (low)
-	[jessie] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
 	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=0a49a62f998747cfa564d98d36a459fe70d3299b
+	NOTE: Fixed in libav 11.5
 CVE-2015-5478
 	RESERVED
 CVE-2015-5477 (named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 ...)
@@ -31798,6 +31801,7 @@
 CVE-2015-0855 [Insecure use of os.system()]
 	RESERVED
 	- pitivi 0.95-1
+	[jessie] - pitivi <no-dsa> (Minor issue)
 	[squeeze] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
 	[wheezy] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
 	NOTE: https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2 (RELEASE-0_95_0)

More information about the Secure-testing-commits mailing list