[Secure-testing-commits] r40537 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 23 18:52:41 UTC 2016
Author: jmm
Date: 2016-03-23 18:52:41 +0000 (Wed, 23 Mar 2016)
New Revision: 40537
Modified:
data/CVE/list
Log:
mark four hardware-driven USB DoS as no-dsa, these may trickle in through updates anyway and no-dsa can be dropped then
nova no-dsa
icedtea-web no-dsa (proposed for point update)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-23 18:50:21 UTC (rev 40536)
+++ data/CVE/list 2016-03-23 18:52:41 UTC (rev 40537)
@@ -1157,6 +1157,8 @@
CVE-2016-3140 [crash on invalid USB device descriptors (digi_acceleport driver)]
RESERVED
- linux <unfixed> (low)
+ [jessie] - linux <no-dsa> (Minor issue)
+ [wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/61
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
@@ -1169,17 +1171,23 @@
CVE-2016-3138 [crash on invalid USB device descriptors (cdc_acm driver)]
RESERVED
- linux <unfixed> (low)
+ [jessie] - linux <no-dsa> (Minor issue)
+ [wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/54
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
CVE-2016-3137 [crash on invalid USB device descriptors (cypress_m8 driver)]
RESERVED
- linux <unfixed> (low)
+ [jessie] - linux <no-dsa> (Minor issue)
+ [wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/55
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
CVE-2016-3136 [crash on invalid USB device descriptors (mct_u232 driver)]
RESERVED
- linux <unfixed> (low)
+ [jessie] - linux <no-dsa> (Minor issue)
+ [wheezy] - linux <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2016/Mar/57
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
CVE-2016-3125 [TLSDHParamFile directive ignored]
@@ -4077,8 +4085,9 @@
CVE-2016-2140 [Nova host data leak through resize/migration]
RESERVED
- nova <unfixed>
+ [wheezy] - nova <no-dsa> (Minor issue)
+ [jessie] - nova <no-dsa> (Minor issue)
NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
- TODO: check
CVE-2016-2139
RESERVED
CVE-2016-2138
@@ -20207,8 +20216,12 @@
RESERVED
CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
- icedtea-web 1.6.1-1 (bug #798467)
+ [jessie] - icedtea-web <no-dsa> (Minor issue)
+ [wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
- icedtea-web 1.6.1-1 (bug #798467)
+ [jessie] - icedtea-web <no-dsa> (Minor issue)
+ [wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5233
RESERVED
- foreman <itp> (bug #663101)
More information about the Secure-testing-commits
mailing list