[Secure-testing-commits] r40314 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Mar 10 22:13:20 UTC 2016
Author: jmm
Date: 2016-03-10 22:13:20 +0000 (Thu, 10 Mar 2016)
New Revision: 40314
Modified:
data/CVE/list
data/DSA/list
Log:
three followup CVE assignments for chromium
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-10 22:10:29 UTC (rev 40313)
+++ data/CVE/list 2016-03-10 22:13:20 UTC (rev 40314)
@@ -65,11 +65,20 @@
CVE-2016-2846
RESERVED
CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in ...)
- TODO: check
+ {DSA-3507-1}
+ - chromium-browser 49.0.2623.75-1
+ [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+ [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2844 (WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google ...)
- TODO: check
+ {DSA-3507-1}
+ - chromium-browser 49.0.2623.75-1
+ [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+ [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2843 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, ...)
- TODO: check
+ {DSA-3507-1}
+ - chromium-browser 49.0.2623.75-1
+ [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+ [squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-XXXX [improper validation of array index vulnerability]
- minissdpd <unfixed> (bug #816759)
NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
@@ -83,13 +92,11 @@
NOTE: https://bugs.php.net/bug.php?id=71498
NOTE: Fixed in 5.5.33, 5.6.19
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/10/5
- TODO: check
CVE-2016-XXXX [Use-After-Free / Double-Free in WDDX Deserialize]
- php5 5.6.19+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=71587
NOTE: Fixed in 5.5.33, 5.6.19
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/10/5
- TODO: check
CVE-2016-XXXX [Double free or corruption in zcat]
- gzip <unfixed> (bug #816154)
TODO: check
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-03-10 22:10:29 UTC (rev 40313)
+++ data/DSA/list 2016-03-10 22:13:20 UTC (rev 40314)
@@ -21,7 +21,7 @@
[wheezy] - jasper 1.900.1-13+deb7u4
[jessie] - jasper 1.900.1-debian1-2.4+deb8u1
[05 Mar 2016] DSA-3507-1 chromium-browser - security update
- {CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642}
+ {CVE-2015-8126 CVE-2016-1630 CVE-2016-1631 CVE-2016-1632 CVE-2016-1633 CVE-2016-1634 CVE-2016-1635 CVE-2016-1636 CVE-2016-1637 CVE-2016-1638 CVE-2016-1639 CVE-2016-1640 CVE-2016-1641 CVE-2016-1642 CVE-2016-2845 CVE-2016-2844 CVE-2016-2843}
[jessie] - chromium-browser 49.0.2623.75-1~deb8u1
[04 Mar 2016] DSA-3506-1 libav - security update
{CVE-2016-1897 CVE-2016-1898 CVE-2016-2326}
More information about the Secure-testing-commits
mailing list