[Secure-testing-commits] r41371 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue May 3 14:09:39 UTC 2016


Author: jmm
Date: 2016-05-03 14:09:39 +0000 (Tue, 03 May 2016)
New Revision: 41371

Modified:
   data/CVE/list
Log:
more openssl issues
older tomcat issue fixed
mark xbindkeys-config as unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-05-03 11:14:31 UTC (rev 41370)
+++ data/CVE/list	2016-05-03 14:09:39 UTC (rev 41371)
@@ -6297,6 +6297,7 @@
 	RESERVED
 	- openssl <unfixed>
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2175
 	RESERVED
 CVE-2016-2174
@@ -6495,18 +6496,25 @@
 	RESERVED
 	- openssl <unfixed> (low)
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2108
 	RESERVED
+	- openssl 1.0.2c-1
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2107
 	RESERVED
+	- openssl <unfixed>
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2106
 	RESERVED
 	- openssl <unfixed>
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2105
 	RESERVED
 	- openssl <unfixed>
 	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
+	NOTE: https://www.openssl.org/news/secadv/20160503.txt
 CVE-2016-2104
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite
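Review bot: the added `- openssl 1.0.2c-1` line under CVE-2016-2108 is the only fixed version recorded in this hunk, and nothing next to it says where that version comes from, while the neighbouring entries (CVE-2016-2106, CVE-2016-2105) each carry a "Fixed in master in ..." NOTE with the upstream commit. Add a NOTE with the upstream fix reference or a one-line rationale for 1.0.2c-1 so the version can be checked later. The new CVE-2016-2107 entry likewise has only the advisory link; a fix-commit NOTE in the same form as its neighbours would keep the entries consistent.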
@@ -22277,11 +22285,10 @@
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.30-1
 	- tomcat7 7.0.68-1
-	- tomcat6 <removed>
+	- tomcat6 6.0.41-3
+	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	[squeeze] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
-	[jessie] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
 	NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
-	NOTE: Not fixed for Tomcat 6. Request.java is affected.
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1713187
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
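Review bot: in the tomcat6 lines, the new fixed version 6.0.41-3 rests on a packaging change (the added NOTE says src:tomcat6 only builds a servlet and docs from that version), not on a code fix, yet the hunk also deletes `NOTE: Not fixed for Tomcat 6. Request.java is affected.` Keeping that fact, reworded to say the Tomcat 6 code is unfixed but the affected part is no longer built, would stop a reader from taking 6.0.41-3 as a patched release. The `[jessie]` no-dsa line is dropped while the `[squeeze]` one stays; if the reason is that jessie is covered by 6.0.41-3, say so in a NOTE or in the log message.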
@@ -37884,10 +37891,11 @@
 	NOTE: http://marc.info/?l=linux-kernel&m=142047362307894&w=2
 CVE-2014-9513 [insecure use of temporary files]
 	RESERVED
-	- xbindkeys-config <unfixed> (bug #772473)
+	- xbindkeys-config <unfixed> (unimportant; bug #772473)
 	[jessie] - xbindkeys-config <no-dsa> (Minor issue)
 	[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
 	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
+	NOTE: Not exploitable with kernel hardening since jessie
 CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
 	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
 	- texlive-bin 2014.20140926.35254-4 (bug #773824)
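Review bot: the added `NOTE: Not exploitable with kernel hardening since jessie` does not name the hardening feature, and the new `unimportant` tag on the xbindkeys-config line rests entirely on it. Name the mechanism in the NOTE so the claim can be verified, and state whether it depends on a default setting that an administrator can turn off, since the temporary-file handling itself remains `<unfixed>`.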



