[Secure-testing-commits] r41527 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat May 7 20:55:21 UTC 2016
Author: jmm
Date: 2016-05-07 20:55:21 +0000 (Sat, 07 May 2016)
New Revision: 41527
Modified:
data/CVE/list
Log:
mplayer no-dsa
fix version number for vlc
xen bug
remove gzip entry, plain bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-07 19:57:40 UTC (rev 41526)
+++ data/CVE/list 2016-05-07 20:55:21 UTC (rev 41527)
@@ -660,7 +660,8 @@
RESERVED
{DLA-458-1 DLA-457-1}
- mplayer <unfixed>
- - mplayer2 <removed>
+ - mplayer2 <removed> (low)
+ [jessie] - mplayer2 <no-dsa> (Minor issue)
NOTE: https://trac.mplayerhq.hu/ticket/2295
NOTE: Fixed in Revision r37857 upstream
NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
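Review bot: the commit log says "mplayer no-dsa", but in this hunk the new `[jessie] ... <no-dsa> (Minor issue)` line and the added `(low)` severity are attached only to mplayer2; the `- mplayer <unfixed>` line above it gets no jessie annotation and no severity. If the same assessment applies to the mplayer source package in jessie (the DLA references suggest both packages were handled together for wheezy), add a matching `[jessie] - mplayer <no-dsa> (Minor issue)` line and `(low)`; otherwise the log message should name mplayer2.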
@@ -1803,7 +1804,7 @@
NOTE: http://xenbits.xen.org/xsa/advisory-174.html
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
{DSA-3554-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957
RESERVED
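Review bot: bug #823620 is being added here to an entry already covered by DSA-3554-1, and the same bug number is attached to Xen entries under DSA-3414-1 and DSA-3519-1 elsewhere in this commit, so it evidently tracks the outstanding `<unfixed>` state in unstable rather than any single XSA. A one-line NOTE on the first such entry saying what #823620 covers (e.g. the pending Xen upload to unstable) would save readers from assuming the bug is specific to XSA-173.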
@@ -2414,7 +2415,7 @@
CVE-2016-3690
RESERVED
CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...)
- - vlc 2.2.1-1
+ - vlc 2.2.0-1
NOTE: https://bugs.launchpad.net/bugs/1533633
NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote ...)
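Review bot: the fixed version for vlc changes from 2.2.1-1 to 2.2.0-1, but the NOTE below it still reads "marking the version in jessie as fixed for now" without naming that version, so the reason for the correction is not visible in the entry. Consider rewriting the NOTE to state explicitly that 2.2.0-1 is the jessie version being treated as fixed, and, since the upstream fix point is still described as unclear, keep the Launchpad bug 1533633 reference as the place where that is to be confirmed.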
@@ -3600,7 +3601,7 @@
RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
{DSA-3554-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3159 is for the code change which is applicable for later
NOTE: versions only, but which must always be combined with the code change
@@ -3608,7 +3609,7 @@
NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
{DSA-3554-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3158 is for the code change which is required for all
NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
@@ -4507,9 +4508,6 @@
NOTE: Fixed in 5.5.33, 5.6.19
NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
-CVE-2016-XXXX [Double free or corruption in zcat]
- - gzip <unfixed> (bug #816154)
- TODO: check
CVE-2016-XXXX [infinite loop parsing an html file]
- tidy-html5 <itp> (bug #770129)
NOTE: https://github.com/htacg/tidy-html5/issues/380
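Review bot: the removed gzip placeholder still carried `TODO: check` and the only reference in this list to bug #816154, and the commit log justifies the removal with "plain bug". Since nothing in the list records that conclusion, make sure bug #816154 itself states that the "double free or corruption in zcat" report was assessed as a non-security bug, so the entry is not re-added from the same report later.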
@@ -6473,7 +6471,7 @@
TODO: check
CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...)
@@ -8990,12 +8988,12 @@
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-168.html
CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-167.html
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
@@ -11184,7 +11182,7 @@
NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 ...)
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[jessie] - xen <not-affected> (Only affects 4.6)
[wheezy] - xen <not-affected> (Only affects 4.6)
[squeeze] - xen <not-affected> (Only affects 4.6)
@@ -11997,7 +11995,7 @@
NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-165.html
CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using ...)
@@ -12050,7 +12048,7 @@
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
[squeeze] - qemu-kvm <not-affected> (vulnerable code not present)
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-155.html
NOTE: https://git.kernel.org/linus/454d5d882c7e412b840e3c99010fe81a9862f6fb
@@ -14350,22 +14348,22 @@
REJECTED
CVE-2015-8341 (The libxl toolstack library in Xen 4.1.x through 4.6.x does not ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-160.html
CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
{DSA-3519-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order ...)
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[jessie] - xen <no-dsa> (Minor issue)
[wheezy] - xen <not-affected> (Only affects Xen on arm)
[squeeze] - xen <not-affected> (Only affects Xen on arm)
@@ -15134,7 +15132,7 @@
{DSA-3454-1 DSA-3426-1 DSA-3414-1}
- linux 4.2.6-2
- linux-2.6 <removed>
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
@@ -17629,7 +17627,7 @@
NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly ...)
{DSA-3414-1}
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
NOTE: http://xenbits.xen.org/xsa/advisory-142.html
@@ -19426,7 +19424,7 @@
NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
{DSA-3414-1}
- - xen <unfixed> (bug #800128)
+ - xen <unfixed> (bug #823620; bug #800128)
[wheezy] - xen <not-affected> (Xen on arm not yet supported)
[squeeze] - xen <not-affected> (Xen on arm not yet supported)
NOTE: http://xenbits.xen.org/xsa/advisory-141.html
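Review bot: this hunk combines two bug references in a single annotation, `(bug #823620; bug #800128)`, whereas every other xen line in this commit carries exactly one `(bug #NNNNNN)`. Verify that the tracker's list parser accepts two bug references separated by `; ` in one parenthesized annotation and links both; if it does not, the existing `bug #800128` would be the one to keep on the `<unfixed>` line.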
@@ -23024,7 +23022,7 @@
{DSA-3454-1 DSA-3414-1 DSA-3396-1}
- linux 4.2.6-1
- linux-2.6 <removed>
- - xen <unfixed>
+ - xen <unfixed> (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html