[Secure-testing-commits] r45720 - data/CVE

Fri Oct 28 17:47:02 UTC 2016

Author: carnil
Date: 2016-10-28 17:47:02 +0000 (Fri, 28 Oct 2016)
New Revision: 45720

Modified:
   data/CVE/list
Log:
Add fixed version for ghostscript upload to unstable

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-10-28 17:04:05 UTC (rev 45719)
+++ data/CVE/list	2016-10-28 17:47:02 UTC (rev 45720)
@@ -1547,7 +1547,7 @@
 CVE-2016-8602 [type confusion]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (bug #840451)
+	- ghostscript 9.19~dfsg-3.1 (bug #840451)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
 CVE-2016-8601 [do_blockdev_direct_IO invalid memory access]
@@ -1794,7 +1794,7 @@
 CVE-2016-7979 [type confusion in .initialize_dsc_parser allows remote code execution]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (bug #839846)
+	- ghostscript 9.19~dfsg-3.1 (bug #839846)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
 	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
@@ -1803,7 +1803,7 @@
 CVE-2016-7978 [reference leak in .setdevice allows use-after-free and remote code execution]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (bug #839845)
+	- ghostscript 9.19~dfsg-3.1 (bug #839845)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
 	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
@@ -1811,7 +1811,7 @@
 CVE-2016-7977 [.libfile doesn't check PermitFileReading array, allowing remote file disclosure]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (high; bug #839841)
+	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
 	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
@@ -1819,7 +1819,7 @@
 CVE-2016-7976 [various userparams allow %pipe% in paths, allowing remote shell command execution]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (high; bug #839260)
+	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
 	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
@@ -84262,7 +84262,7 @@
 CVE-2013-5653 [Ghostscript information disclosure through getenv, filenameforall]
 	RESERVED
 	{DSA-3691-1 DLA-674-1}
-	- ghostscript <unfixed> (low; bug #839118)
+	- ghostscript 9.19~dfsg-3.1 (low; bug #839118)
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
 CVE-2013-5652


