[Secure-testing-commits] r44682 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 17 14:31:41 UTC 2016
Author: carnil
Date: 2016-09-17 14:31:40 +0000 (Sat, 17 Sep 2016)
New Revision: 44682
Modified:
data/CVE/list
Log:
More fixes from point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-17 14:24:45 UTC (rev 44681)
+++ data/CVE/list 2016-09-17 14:31:40 UTC (rev 44682)
@@ -5979,7 +5979,7 @@
NOTE: Furthermore pidgin in Debian is not compiled to use GnuTLS (--enable-gnutls=no)
CVE-2016-XXXX [insecure default PATH]
- dietlibc 0.34~cvs20160606-2 (bug #832169)
- [jessie] - dietlibc <no-dsa> (Can be scheduled through jessie point release)
+ [jessie] - dietlibc 0.33~cvs20120325-6+deb8u1
[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
NOTE: Workaround entry for DLA-557-1 until CVE is assigned
NOTE: Following reverse dependencies need to be recompiled: minit (wheezy, jessie),
@@ -10416,7 +10416,7 @@
CVE-2016-5042
RESERVED
- dwarfutils 20160507-1
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5041
@@ -10434,13 +10434,13 @@
CVE-2016-5039
RESERVED
- dwarfutils 20160507-1
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038
RESERVED
- dwarfutils 20160507+git20160523.9086738-1
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5037
@@ -10452,7 +10452,7 @@
CVE-2016-5036
RESERVED
- dwarfutils 20160507+git20160523.9086738-1
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5035
@@ -10464,7 +10464,7 @@
CVE-2016-5034
RESERVED
- dwarfutils 20160507+git20160523.9086738-1
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
CVE-2016-5033
@@ -19452,7 +19452,7 @@
RESERVED
CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...)
- dwarfutils 20160507-1 (bug #813148)
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
@@ -20211,6 +20211,7 @@
CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info]
RESERVED
- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
+ [jessie] - dwarfutils 20120410-2+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
NOTE: Reasoning for "unimportant" severity: The affected source code is present
@@ -22129,7 +22130,7 @@
RESERVED
{DLA-388-1}
- dwarfutils 20160507-1 (bug #813182)
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
@@ -25859,7 +25860,7 @@
CVE-2015-8538 [a out of bound read bug is found in libdwarf]
RESERVED
- dwarfutils 20160507-1 (bug #807817)
- [jessie] - dwarfutils <no-dsa> (Minor issue)
+ [jessie] - dwarfutils 20120410-2+deb8u1
[wheezy] - dwarfutils <no-dsa> (Minor issue)
[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
More information about the Secure-testing-commits
mailing list