[Secure-testing-commits] r41371 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue May 3 14:09:39 UTC 2016
Author: jmm
Date: 2016-05-03 14:09:39 +0000 (Tue, 03 May 2016)
New Revision: 41371
Modified:
data/CVE/list
Log:
more openssl issues
older tomcat issue fixed
mark xbindkeys-config as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-03 11:14:31 UTC (rev 41370)
+++ data/CVE/list 2016-05-03 14:09:39 UTC (rev 41371)
@@ -6297,6 +6297,7 @@
RESERVED
- openssl <unfixed>
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2175
RESERVED
CVE-2016-2174
@@ -6495,18 +6496,25 @@
RESERVED
- openssl <unfixed> (low)
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2108
RESERVED
+ - openssl 1.0.2c-1
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2107
RESERVED
+ - openssl <unfixed>
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2106
RESERVED
- openssl <unfixed>
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2105
RESERVED
- openssl <unfixed>
NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
+ NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2104
RESERVED
NOT-FOR-US: Red Hat Satellite
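Review bot: The new CVE-2016-2108 line records openssl 1.0.2c-1 as the fixed version without a NOTE saying which upstream change that version corresponds to, while the neighbouring entries in this hunk each cite a "Fixed in master" commit. Add a NOTE with the fixing commit, or the reason 1.0.2c-1 is considered fixed, so the version can be checked. The new CVE-2016-2107 line is `<unfixed>` with neither a commit reference nor an urgency, unlike the `(low)` entry at the top of the hunk. If the upstream commit is not known yet, add it in a follow-up.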
@@ -22277,11 +22285,10 @@
- tomcat9 <itp> (bug #802312)
- tomcat8 8.0.30-1
- tomcat7 7.0.68-1
- - tomcat6 <removed>
+ - tomcat6 6.0.41-3
+ NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
[squeeze] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
- [jessie] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
- NOTE: Not fixed for Tomcat 6. Request.java is affected.
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1713187
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
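Review bot: Replacing `- tomcat6 <removed>` with `- tomcat6 6.0.41-3` while deleting "Not fixed for Tomcat 6. Request.java is affected." makes the entry read as if 6.0.41-3 carries a code fix. The added NOTE explains the version only indirectly. Word it so that it says the affected code is no longer built into a binary package as of 6.0.41-3 rather than patched, and keep the information that Tomcat 6 itself has no fix. Dropping the `[jessie]` line also depends on jessie shipping 6.0.41-3 or later, which cannot be confirmed from these lines; a short mention in the log message would help.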
@@ -37884,10 +37891,11 @@
NOTE: http://marc.info/?l=linux-kernel&m=142047362307894&w=2
CVE-2014-9513 [insecure use of temporary files]
RESERVED
- - xbindkeys-config <unfixed> (bug #772473)
+ - xbindkeys-config <unfixed> (unimportant; bug #772473)
[jessie] - xbindkeys-config <no-dsa> (Minor issue)
[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
+ NOTE: Not exploitable with kernel hardening since jessie
CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
- texlive-bin 2014.20140926.35254-4 (bug #773824)
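Review bot: The added NOTE on CVE-2014-9513 justifies `unimportant` with kernel hardening "since jessie" but does not name the hardening feature, and the `[wheezy]` and `[squeeze]` lines stay at `<no-dsa> (Minor issue)` although, by the NOTE's own wording, those releases predate it. Name the kernel setting in the NOTE so a reader can tell whether a system with it disabled is still exposed to the insecure temporary file use, and state that the older releases are not covered by that reasoning.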