[Secure-testing-commits] r40379 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 14 22:40:40 UTC 2016
Author: jmm
Date: 2016-03-14 22:40:40 +0000 (Mon, 14 Mar 2016)
New Revision: 40379
Modified:
data/CVE/list
Log:
two ntp, mono no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-14 21:32:04 UTC (rev 40378)
+++ data/CVE/list 2016-03-14 22:40:40 UTC (rev 40379)
@@ -10731,17 +10731,19 @@
CVE-2015-8140 [ntpq vulnerable to replay attacks]
RESERVED
- ntp <unfixed>
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947
NOTE: Mitigated in 4.2.8p6
- TODO: check
CVE-2015-8139 [Origin Leak: ntpq and ntpdc, disclose origin]
RESERVED
- ntp <unfixed>
+ [jessie] - ntp <no-dsa> (Minor issue)
+ [wheezy] - ntp <no-dsa> (Minor issue)
NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946
NOTE: Mitigated in 4.2.8p6
- TODO: check
CVE-2015-8138 [ntp: missing check for zero originate timestamp]
RESERVED
- ntp <unfixed>
@@ -138377,6 +138379,8 @@
- kde4libs 4:4.3.4-1 (medium; bug #559266)
[lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
- mono 4.2.1.102+dfsg2-4
+ [jessie] - mono <no-dsa> (Minor issue)
+ [wheezy] - mono <no-dsa> (Minor issue)
NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/
NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
More information about the Secure-testing-commits
mailing list