[Secure-testing-commits] r40654 - in data: CVE DLA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Mar 30 05:42:20 UTC 2016 

Author: carnil
Date: 2016-03-30 05:42:20 +0000 (Wed, 30 Mar 2016)
New Revision: 40654

Modified:
   data/CVE/list
   data/DLA/list
Log:
CVEs assigned for fuseiso issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-30 05:03:44 UTC (rev 40653)
+++ data/CVE/list	2016-03-30 05:42:20 UTC (rev 40654)
@@ -31746,18 +31746,14 @@
 	[jessie] - libfcgi-perl <no-dsa> (Minor issue)
 	[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
-CVE-2012-XXXX [Stack-based buffer overflow when scanning directory structure for absolute path entries]
+CVE-2015-8837 [Stack-based buffer overflow when scanning directory structure for absolute path entries]
 	- fuseiso 20070708-3.2 (bug #779047)
-	[squeeze] - fuseiso 20070708-2+deb6u1
-	NOTE: workaround entry for DLA-323-1 until/if CVE assigned
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863091
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/7
-CVE-2012-XXXX [Integer overflow, leading to heap buffer overflow when reading certain ISO ZF blocks]
+	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
+CVE-2015-8836 [Integer overflow, leading to heap buffer overflow when reading certain ISO ZF blocks]
 	- fuseiso 20070708-3.2 (bug #779047)
-	[squeeze] - fuseiso 20070708-2+deb6u1
-	NOTE: workaround entry for DLA-323-1 until/if CVE assigned
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863102
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/7
+	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
 CVE-2010-XXXX [crash when parsing overly long links]
 	- lynx-cur 2.8.8dev.4-1
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-03-30 05:03:44 UTC (rev 40653)
+++ data/DLA/list	2016-03-30 05:42:20 UTC (rev 40654)
@@ -365,6 +365,7 @@
 	{CVE-2012-3509}
 	[squeeze] - binutils 2.20.1-16+deb6u2
 [01 Oct 2015] DLA-323-1 fuseiso - security update
+	{CVE-2015-8836 CVE-2015-8837}
 	[squeeze] - fuseiso 20070708-2+deb6u1
 [30 Sep 2015] DLA-322-1 commons-httpclient - security update
 	{CVE-2015-5262}

More information about the Secure-testing-commits mailing list