[Secure-testing-commits] r45236 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Oct 11 21:33:11 UTC 2016


Author: jmm
Date: 2016-10-11 21:33:10 +0000 (Tue, 11 Oct 2016)
New Revision: 45236

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
dbus spu
drop a few packages which embed libiberty, but which don't have any real-world security impact,
  these are effectively plain bugs and only clutter the tracker


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-11 21:10:10 UTC (rev 45235)
+++ data/CVE/list	2016-10-11 21:33:10 UTC (rev 45236)
@@ -8376,17 +8376,9 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143
 CVE-2016-6130 (Race condition in the sclp_ctl_ioctl_sccb function in ...)
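Review bot: once the `nescc` lines are removed, no `libiberty` source-package line is visible between the `gdb` lines and the first NOTE in this entry, whereas the other entries touched by this commit list `libiberty` at that position. If libiberty is tracked for this issue it should appear here as well, so that the embedding packages dropped in this hunk remain covered by the parent package's status.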
@@ -13113,24 +13105,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
 CVE-2016-4492 [Write access violations]
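Review bot: the removed `binutils-h8300-hms`, `gcc-h8300-hms`, `nescc` and `sdcc` lines take with them the only record in this entry that those packages embed libiberty, and the reasoning (no real-world security impact) is stated only in the commit log. Keeping each line with an unimportant urgency, e.g. `- sdcc <unfixed> (unimportant)`, or adding a NOTE line to the entry, would clear them from the open-issue view without losing that information for later re-triage.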
@@ -13144,24 +13124,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
 CVE-2016-4491 [Stack overflow due to infinite recursion in d_print_comp]
@@ -13175,24 +13143,12 @@
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
 	[wheezy] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty <unfixed> (low)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
 	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
 CVE-2016-4490 [Write access violation]
@@ -13206,24 +13162,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=235767
 CVE-2016-4489 [Invalid write due to integer overflow]
@@ -13237,24 +13181,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234828
 CVE-2016-4488 [Invalid write due to a use-after-free to array ktypevec]
@@ -13268,24 +13200,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
 	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
 CVE-2016-4487 [Invalid write due to a use-after-free to array btypevec]
@@ -13299,24 +13219,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
 	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
 CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before ...)
@@ -20146,24 +20054,12 @@
 	[wheezy] - ht <no-dsa> (Minor issue)
 	- binutils <unfixed> (low)
 	[jessie] - binutils <no-dsa> (Minor issue)
-	- binutils-h8300-hms <unfixed> (low)
-	[jessie] - binutils-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - binutils-h8300-hms <no-dsa> (Minor issue)
-	- gcc-h8300-hms <unfixed> (low)
-	[jessie] - gcc-h8300-hms <no-dsa> (Minor issue)
-	[wheezy] - gcc-h8300-hms <no-dsa> (Minor issue)
 	- gdb <unfixed> (low)
 	[jessie] - gdb <no-dsa> (Minor issue)
 	[wheezy] - gdb <no-dsa> (Minor issue)
 	- libiberty 20161011-1 (low; bug #840360)
 	[jessie] - libiberty <no-dsa> (Minor issue)
 	[wheezy] - libiberty <no-dsa> (Minor issue)
-	- nescc <unfixed> (low)
-	[jessie] - nescc <no-dsa> (Minor issue)
-	[wheezy] - nescc <no-dsa> (Minor issue)
-	- sdcc <unfixed> (low)
-	[jessie] - sdcc <no-dsa> (Minor issue)
-	[wheezy] - sdcc <no-dsa> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829
 CVE-2015-8811
@@ -35673,7 +35569,6 @@
 	[squeeze] - binutils 2.20.1-16+deb6u2
 	NOTE: workaround entry for DLA 324-1-1 and DLA-552-1 until/if CVE assigned
 	- gdb <undetermined>
-	- sdcc <undetermined>
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/31/6
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
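Review bot: the removed `- sdcc <undetermined>` line was never triaged, unlike the `<unfixed> (low)` lines dropped elsewhere in this commit, and the neighbouring `- gdb <undetermined>` line is kept. The NOTE lines in this entry reference sourceware.org binutils-gdb rather than the gcc libiberty bugs, so the commit log's reasoning about libiberty embedders is not clearly the reason here; a NOTE stating why sdcc is out of scope would make the removal auditable.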

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2016-10-11 21:10:10 UTC (rev 45235)
+++ data/next-point-update.txt	2016-10-11 21:33:10 UTC (rev 45236)
@@ -32,3 +32,6 @@
 	[jessie] - bash 4.3-11+deb8u1
 CVE-2016-7543
 	[jessie] - bash 4.3-11+deb8u1
+CVE-2016-XXXX [dbus format string vulnerability]
+	[jessie] - dbus 1.8.22-0+deb8u1
+
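Review bot: the added entry uses the placeholder id `CVE-2016-XXXX` and carries no bug number or other reference identifying the dbus issue, so it cannot be matched to the real id once one is assigned; add a reference to the upstream or Debian bug alongside it. The hunk also adds an empty line at the end of the file, which can be dropped.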



