[Secure-testing-commits] r40216 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 7 21:04:21 UTC 2016
Author: jmm
Date: 2016-03-07 21:04:21 +0000 (Mon, 07 Mar 2016)
New Revision: 40216
Modified:
data/CVE/list
Log:
one ntp n/a in stable/oldstable, three others no-dsa
linux issue N/a for all suites
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-07 19:57:02 UTC (rev 40215)
+++ data/CVE/list 2016-03-07 21:04:21 UTC (rev 40216)
@@ -10359,7 +10359,9 @@
NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7976 [ntpq saveconfig command allows dangerous characters in filenames]
RESERVED
- - ntp <unfixed>
+ - ntp <unfixed> (low)
+ [jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
+ [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
NOTE: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
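Review bot: The `<no-dsa>` reason on the added `[jessie]` and `[wheezy]` lines for CVE-2015-7976 is the generic "Minor issue, can be fixed along in a future update" and does not say why the ntpq saveconfig filename issue is minor. The entry already links the upstream fix commit, so consider a reason specific to this CVE (what limits the impact), so that a later triager can re-check the decision from the tracker entry alone.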
@@ -10367,20 +10369,23 @@
CVE-2015-7975 [nextvar() missing length check]
RESERVED
- ntp <unfixed>
+ [jessie] - ntp <not-affected> (Introduced in 4.2.8)
+ [wheezy] - ntp <not-affected> (Introduced in 4.2.8)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
- TODO: check
CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...)
- - ntp <unfixed>
+ - ntp <unfixed> (low)
+ [jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
+ [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
- TODO: check
CVE-2015-7973 [Deja Vu: Replay attack on authenticated broadcast mode]
RESERVED
- - ntp <unfixed>
+ - ntp <unfixed> (low)
+ [jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
+ [wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
- TODO: check
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
{DSA-3414-1}
- xen 4.6.0-1
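Review bot: The CVE-2015-7975 entry marks jessie and wheezy `<not-affected> (Introduced in 4.2.8)` and removes `TODO: check`, but no NOTE in the entry records where the nextvar() length-check bug was introduced; add a NOTE naming the introducing commit or the source of the 4.2.8 claim. The unstable line for this CVE also stays `- ntp <unfixed>` without the `(low)` urgency that this hunk adds to CVE-2015-7974 and CVE-2015-7973; set it here too if the same severity is intended.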
@@ -11768,11 +11773,9 @@
NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341
CVE-2015-7553 [nfnetlink race in NETLINK_NFLOG socket creation]
RESERVED
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux <not-affected> (RHEL-specific backport bug)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934
NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06
- TODO: check whether it's present and if so, whether it is complete
CVE-2015-7552
RESERVED
CVE-2015-7551
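Review bot: On CVE-2015-7553 the removed TODO asked "whether it's present and if so, whether it is complete", and the new `- linux <not-affected> (RHEL-specific backport bug)` line closes that question without recording what was checked. Add a NOTE stating that the referenced upstream commit was confirmed to be applied in full in the Debian kernels, since that finding is also what justifies dropping the `- linux-2.6 <removed>` line.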