[Secure-testing-commits] r45957 - data/CVE
Alessandro Ghedini
ghedo at moszumanska.debian.org
Thu Nov 3 22:54:05 UTC 2016
Author: ghedo
Date: 2016-11-03 22:54:05 +0000 (Thu, 03 Nov 2016)
New Revision: 45957
Modified:
data/CVE/list
Log:
Some curl issues are fixed in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-03 22:53:56 UTC (rev 45956)
+++ data/CVE/list 2016-11-03 22:54:05 UTC (rev 45957)
@@ -1416,69 +1416,69 @@
TODO: check
CVE-2016-8625
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
[jessie] - curl <no-dsa> (the fix is too invasive)
NOTE: https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
NOTE: https://curl.haxx.se/docs/adv_20161102K.html
NOTE: https://curl.haxx.se/CVE-2016-8625.patch
CVE-2016-8624
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
NOTE: https://curl.haxx.se/docs/adv_20161102J.html
NOTE: https://curl.haxx.se/CVE-2016-8624.patch
CVE-2016-8623
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
NOTE: https://curl.haxx.se/docs/adv_20161102I.html
NOTE: https://curl.haxx.se/CVE-2016-8623.patch
CVE-2016-8622
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
NOTE: https://curl.haxx.se/docs/adv_20161102H.html
NOTE: https://curl.haxx.se/CVE-2016-8622.patch
CVE-2016-8621
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
NOTE: https://curl.haxx.se/docs/adv_20161102G.html
NOTE: https://curl.haxx.se/CVE-2016-8621.patch
CVE-2016-8620
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
NOTE: https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
NOTE: https://curl.haxx.se/docs/adv_20161102F.html
NOTE: https://curl.haxx.se/CVE-2016-8620.patch
CVE-2016-8619
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
NOTE: https://curl.haxx.se/docs/adv_20161102E.html
NOTE: https://curl.haxx.se/CVE-2016-8619.patch
CVE-2016-8618
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
NOTE: https://curl.haxx.se/docs/adv_20161102D.html
NOTE: https://curl.haxx.se/CVE-2016-8618.patch
CVE-2016-8617
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
NOTE: https://curl.haxx.se/docs/adv_20161102C.html
NOTE: https://curl.haxx.se/CVE-2016-8617.patch
CVE-2016-8616
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
NOTE: https://curl.haxx.se/docs/adv_20161102B.html
NOTE: https://curl.haxx.se/CVE-2016-8616.patch
CVE-2016-8615
RESERVED
- - curl <unfixed>
+ - curl 7.51.0-1
NOTE: https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
NOTE: https://curl.haxx.se/docs/adv_20161102A.html
NOTE: https://curl.haxx.se/CVE-2016-8615.patch
@@ -5782,7 +5782,7 @@
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
{DLA-625-1}
- - curl <unfixed> (bug #837945)
+ - curl 7.51.0-1 (bug #837945)
[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)
NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
@@ -5923,7 +5923,7 @@
NOT-FOR-US: Plone
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
{DLA-616-1}
- - curl <unfixed> (bug #836918)
+ - curl 7.51.0-1 (bug #836918)
[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA; affects only NSS backend)
NOTE: Only affects libcurl3-nss
NOTE: http://seclists.org/oss-sec/2016/q3/419
More information about the Secure-testing-commits
mailing list