[Secure-testing-commits] r40324 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Mar 11 18:26:06 UTC 2016
Author: jmm
Date: 2016-03-11 18:26:06 +0000 (Fri, 11 Mar 2016)
New Revision: 40324
Modified:
data/CVE/list
Log:
cinnamon-settings-daemon fixed (no-dsa for jessie)
aptdaemon no-dsa
remove php non-issue
one qemu issue no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-11 17:57:33 UTC (rev 40323)
+++ data/CVE/list 2016-03-11 18:26:06 UTC (rev 40324)
@@ -584,13 +584,13 @@
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
- TODO: check
+ TODO: doublecheck with Ben, aufs is available as udebs, but not as a standard kernel module (possibly only in use for live images)
CVE-2016-2853 [AUFS Over Fuse: Loss of Nosuid]
RESERVED
- linux <unfixed>
NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
- TODO: check
+ TODO: doublecheck with Ben, aufs is available as udebs, but not as a standard kernel module (possibly only in use for live images)
CVE-2016-2839
RESERVED
CVE-2016-2838
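Review bot: The new TODO on both aufs entries records an open question ("doublecheck with Ben ...") and is not covered by any line in the log message. Both entries still read `- linux <unfixed>`, and the same sentence is duplicated in each. Consider adding a log line for this change and moving the udeb / live-image observation into a NOTE, so the TODO stays short and is easy to clear once the question is answered.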
@@ -2218,15 +2218,6 @@
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
-CVE-2016-XXXX [Crash in SessionHandler::read()]
- - php5 5.6.18+dfsg-1
- - php5.6 5.6.18+dfsg-1
- - php7.0 <undetermined>
- NOTE: https://bugs.php.net/bug.php?id=69111
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305548
- NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a793b709086eed655bc98f933d838b8679b28920
- NOTE: Fixed in 5.6.18
- TODO: check, can possibly be considered not security
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
- php5 5.6.18+dfsg-1
- php5.6 5.6.18+dfsg-1
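Review bot: Removing the whole "Crash in SessionHandler::read()" entry also drops its references (the bugs.php.net and Red Hat Bugzilla links and the php-src commit), and the only recorded rationale was the removed TODO saying it "can possibly be considered not security". The log says just "remove php non-issue". A short reason in the log for treating it as a non-issue would let a later reader reconstruct the decision, especially since php7.0 was still `<undetermined>`.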
@@ -5333,7 +5324,7 @@
CVE-2016-1328
RESERVED
CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...)
TODO: check
CVE-2016-1325 (The administration interface on Cisco DPC3939B and DPC3941 devices ...)
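Review bot: The change of CVE-2016-1327 to `NOT-FOR-US: Cisco` has no corresponding line in the log message. The next entry in the context, CVE-2016-1326, is also a Cisco device issue and still reads `TODO: check`, so it looks like a candidate for the same tag in this commit.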
@@ -6342,6 +6333,8 @@
CVE-2015-8666 [acpi: heap based buffer overrun during VM migration]
RESERVED
- qemu 1:2.5+dfsg-1
+ [jessie] - qemu <no-dsa> (Minor issue)
+ [wheezy] - qemu <no-dsa> (Minor issue)
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
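Review bot: "(Minor issue)" on the two added `[jessie]` and `[wheezy]` lines gives no reason why a heap based buffer overrun during VM migration is considered minor. A brief justification in the parenthetical or in a NOTE would document the basis for `<no-dsa>`.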
@@ -10932,7 +10925,9 @@
[jessie] - iptables-persistent 1.0.3+deb8u1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
CVE-2015-XXXX
- - cinnamon-settings-daemon <unfixed>
+ - cinnamon-settings-daemon 2.8.3-1 (low)
+ [jessie] - cinnamon-settings-daemon <no-dsa> (Minor issue)
+ NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly ...)
{DSA-3438-1 DLA-338-1}
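Review bot: The `CVE-2015-XXXX` header above the changed lines has no bracketed description, so after this change the `(low)` and `<no-dsa>` decisions can only be understood by following the NOTE links. Since the entry is being touched anyway, adding a short title in brackets, as other XXXX entries in this file do, would make it readable in place.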
@@ -30696,8 +30691,10 @@
CVE-2015-1323 [information disclosure via simulate dbus method]
RESERVED
{DLA-261-1}
+ [jessie] - aptdaemon <no-dsa> (Minor issue)
+ [wheezy] - aptdaemon <no-dsa> (Minor issue)
- aptdaemon 1.1.1+bzr982-1 (bug #789162)
- NOTE: http://www.ubuntu.com/usn/usn-2648-1
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587
CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager ...)
- network-manager <not-affected> (Ubuntu specific patch)
NOTE: http://www.ubuntu.com/usn/usn-2581-1
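Review bot: The added `[jessie]` and `[wheezy]` lines are placed above `- aptdaemon 1.1.1+bzr982-1 (bug #789162)`, whereas the qemu and cinnamon-settings-daemon hunks in this same commit put the release-specific lines below the main package line. Moving them below would keep the entry consistent. The USN NOTE is also replaced by the Launchpad bug link rather than kept alongside it. Keeping both would preserve the advisory reference.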