[Secure-testing-commits] r40455 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Mar 18 18:52:31 UTC 2016


Author: jmm
Date: 2016-03-18 18:52:31 +0000 (Fri, 18 Mar 2016)
New Revision: 40455

Modified:
   data/CVE/list
Log:
opam, dcraw, httpcomponents-client no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-18 18:47:19 UTC (rev 40454)
+++ data/CVE/list	2016-03-18 18:52:31 UTC (rev 40455)
@@ -427,7 +427,6 @@
 	NOTE: https://bugs.php.net/bug.php?id=71610
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
 	NOTE: http://php.net/ChangeLog-7.php#7.0.4
-	TODO: seems to not affect PHP 5, double check
 CVE-2016-3184
 	RESERVED
 CVE-2016-3180 [Signature verification bypass attack]
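Review bot: The removed `TODO: seems to not affect PHP 5, double check` at the end of the entry above CVE-2016-3184 goes away without its outcome being recorded in the visible lines, and the commit log ("opam, dcraw, httpcomponents-client no-dsa / NFUs") does not mention it. If the double check confirmed that PHP 5 is unaffected, record that in the entry, for example as a `<not-affected>` line for php5 with a short reason or as a NOTE, unless lines above this hunk already do so.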
@@ -506,6 +505,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
 CVE-2016-XXXX [opam: does not verify certificate]
 	- opam <unfixed> (bug #818081)
+	[jessie] - opam <no-dsa> (Minor issue, can be fixed in a point update)
 	NOTE: https://github.com/ocaml/opam/commit/3d43295df3bb9e67e60801d319bf82c2c8a84d24
 CVE-2016-XXXX [moodle issues from 2.7.13]
 	- moodle 2.7.13+dfsg-1
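Review bot: The `<no-dsa>` reason on the new `[jessie] - opam` line calls an entry titled "does not verify certificate" a minor issue without saying why. A NOTE giving the mitigating factor would let later triagers follow the reasoning, and since the upstream commit is already referenced, it would help to state whether that commit is the one intended for the point update.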
@@ -7420,45 +7420,45 @@
 CVE-2016-1006
 	RESERVED
 CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-1004
 	RESERVED
 CVE-2016-1003
 	RESERVED
 CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
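Review bot: The new tags read `NOT-FOR-US: Adobe Flash`, while the untouched entries in the same block (CVE-2016-0985 here, CVE-2016-0964 in the next hunk) use `NOT-FOR-US: Adobe`. Use one spelling for the same product so that a grep over the list finds all of them; the same applies to the four entries changed in the @@ -7504 hunk.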
@@ -7504,13 +7504,13 @@
 CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
 	NOT-FOR-US: Adobe
 CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2016-0959
 	RESERVED
 CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...)
@@ -10668,6 +10668,7 @@
 	[wheezy] - libraw <not-affected> (Vulnerable code not present)
 	[squeeze] - libraw <not-affected> (Vulnerable code not present)
 	- dcraw <unfixed>
+	[jessie] - dcraw <no-dsa> (Minor issue)
 	[wheezy] - dcraw <not-affected> (Vulnerable code not present)
 	[squeeze] - dcraw <not-affected> (Vulnerable code not present)
 	- kodi <not-affected> (Vulnerable code not present)
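Review bot: The `- dcraw <unfixed>` line that the new `[jessie] - dcraw <no-dsa> (Minor issue)` sits under carries no bug reference, unlike the opam entry in this same commit (`bug #818081`). Since no-dsa defers the fix, add the bug number once one is filed so the open issue stays trackable, and consider a more specific reason than "Minor issue".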
@@ -19577,6 +19578,7 @@
 CVE-2015-5262 (http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents ...)
 	{DLA-322-1}
 	- httpcomponents-client 4.3.6-1 (low)
+	[jessie] - httpcomponents-client <no-dsa> (Minor issue)
 	[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
 	[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
 	- commons-httpclient 3.1-12 (bug #798650)
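Review bot: This entry tracks two source packages, but the new jessie line covers only httpcomponents-client; `- commons-httpclient 3.1-12 (bug #798650)` has no per-release line in the visible context. If jessie ships a commons-httpclient older than 3.1-12, it needs its own status line, unless one follows below this hunk.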



