[Secure-testing-commits] r40375 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Mar 14 18:37:33 UTC 2016 

Author: jmm
Date: 2016-03-14 18:37:33 +0000 (Mon, 14 Mar 2016)
New Revision: 40375

Modified:
   data/CVE/list
Log:
one wireshark issue n/a
one wireshark issue fixed in latest DSA
set two proftpd issues as undetermined, unclear whether this is actually an issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-14 18:23:05 UTC (rev 40374)
+++ data/CVE/list	2016-03-14 18:37:33 UTC (rev 40375)
@@ -11,12 +11,12 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/14/12
 	TODO: check
 CVE-2016-XXXX [An invalid off by one read can happen in the function pr_fs_dircat()]
-	- proftpd-dfsg <unfixed>
+	- proftpd-dfsg <undetermined>
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4194
 	NOTE: https://github.com/proftpd/proftpd/commit/f99ef850a05f46c56be8deae97e59efa50575e69
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
 CVE-2016-XXXX [An invalid off by one read can happen in the string handling function pr_ascii_ftp_to_crlf()]
-	- proftpd-dfsg <unfixed>
+	- proftpd-dfsg <undetermined>
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4195
 	NOTE: https://github.com/proftpd/proftpd/pull/145
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/11/12
@@ -1588,6 +1588,8 @@
 	RESERVED
 CVE-2016-XXXX [another ASN.1 BER dissector crash]
 	- wireshark 2.0.2+ga16e22e-1
+	[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u5
+	[wheezy] - wireshark 1.8.2-5wheezy18
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html
 	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
 	NOTE: Fixed versions: 2.0.2, 1.12.10
@@ -1710,7 +1712,7 @@
 	NOTE: Affected versions: 2.0.0 to 2.0.1
 	NOTE: Fixed versions: 2.0.2
 CVE-2016-2521 (Untrusted search path vulnerability in the WiresharkApplication class ...)
-	- wireshark 2.0.2+ga16e22e-1
+	- wireshark <not-affected> (Windows-specific)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html
 	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
 	NOTE: Fixed versions: 2.0.2, 1.12.10

More information about the Secure-testing-commits mailing list