[Secure-testing-commits] r44684 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Sep 17 14:55:44 UTC 2016
Author: carnil
Date: 2016-09-17 14:55:44 +0000 (Sat, 17 Sep 2016)
New Revision: 44684
Modified:
data/CVE/list
Log:
More fixes from point release synced
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-17 14:43:47 UTC (rev 44683)
+++ data/CVE/list 2016-09-17 14:55:44 UTC (rev 44684)
@@ -4258,6 +4258,7 @@
RESERVED
{DSA-3666-1 DLA-624-1}
- mariadb-10.0 10.0.27-1
+ [jessie] - mariadb-10.0 10.0.27-0+deb8u1
- mysql-5.6 <unfixed>
- mysql-5.5 <removed>
NOTE: This will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662
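Review bot: The added `[jessie] - mariadb-10.0 10.0.27-0+deb8u1` line records a fixed version on an entry whose own NOTE says the id will likely be split by MITRE and that the mapping to CVE-2016-6662 is unclear. Suggest adding a TODO to recheck this jessie version against each resulting id once the split happens, so the fixed version is not carried over unverified. The `mysql-5.6 <unfixed>` line in the same entry will need the same pass.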
@@ -7891,7 +7892,7 @@
- python3.4 3.4.4~rc1-1
[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
- python2.7 2.7.10~rc1-1
- [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+ [jessie] - python2.7 2.7.9-2+deb8u1
NOTE: https://bugs.python.org/issue22928
NOTE: Fixed in 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9
NOTE: Fixed in 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102
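Review bot: After this change the two jessie lines in this entry disagree: python2.7 now carries 2.7.9-2+deb8u1, while `[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)` two lines above is left unchanged. If python3.4 was part of the same point release, sync it in this commit too. If it was not, a short NOTE that python3.4 is still pending would keep the entry from looking half-updated.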
@@ -8332,7 +8333,7 @@
- python3.4 <removed>
[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
- python2.7 2.7.12~rc1-1
- [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+ [jessie] - python2.7 2.7.9-2+deb8u1
NOTE: https://bugs.python.org/issue26171
CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS ...)
NOT-FOR-US: Citrix
@@ -12370,7 +12371,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
- quassel 1:0.12.4-2 (bug #826402)
- [jessie] - quassel <no-dsa> (Minor issue)
+ [jessie] - quassel 1:0.10.0-2.3+deb8u3
[wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0)
NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
@@ -24061,7 +24062,7 @@
- python3.4 <removed>
[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
- python2.7 2.7.12~rc1-1
- [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+ [jessie] - python2.7 2.7.9-2+deb8u1
NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394
NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be
TODO: check other versions
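Review bot: `TODO: check other versions` at the end of this entry is left in place even though the jessie python2.7 status is now resolved. Either drop it if the check has been done, or narrow it to what is still open; the `[jessie] - python3.4 <no-dsa>` line above is the obvious remaining candidate.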
@@ -24570,7 +24571,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
CVE-2015-XXXX [remotely triggerable crash]
- ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
- [jessie] - ruby-eventmachine <no-dsa> (Issue can be fixed in point release)
+ [jessie] - ruby-eventmachine 1.0.3-6+deb8u1
[wheezy] - ruby-eventmachine 0.12.10-3+deb7u1
NOTE: Workaround entry for DLA-549-1 until CVE assigned
NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
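Review bot: The new jessie version lands on the placeholder `CVE-2015-XXXX [remotely triggerable crash]` entry, which the NOTE describes as a workaround for DLA-549-1 until a CVE is assigned. That NOTE now understates what the entry tracks, since it also records the jessie fix 1.0.3-6+deb8u1. Suggest extending it to say so, so both suite lines are migrated together when the id arrives.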
@@ -29382,7 +29383,7 @@
[squeeze] - ruby1.9.1 <not-affected> (DL already fixed with CVE-2009-5147, Fiddle does not have vulnerable code)
- ruby2.0 <removed>
- ruby2.1 <removed> (bug #796344)
- [jessie] - ruby2.1 <no-dsa> (Minor issue)
+ [jessie] - ruby2.1 2.1.5-2+deb8u3
- ruby2.2 2.2.4-1 (bug #796551)
NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions
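Review bot: The trailing TODO questions the correctness of the CVE-2009-5147/CVE-2015-7551 record, and this hunk adds a jessie fixed version for ruby2.1 on top of it without resolving that question. Please confirm that 2.1.5-2+deb8u3 belongs under this id (the same version is added to the other ruby2.1 entry in the next hunk) and update or remove the TODO accordingly.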
@@ -44548,7 +44549,7 @@
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
- ruby2.0 <removed>
- ruby2.1 <removed> (bug #796344)
- [jessie] - ruby2.1 <no-dsa> (Minor issue)
+ [jessie] - ruby2.1 2.1.5-2+deb8u3
- ruby2.2 <not-affected> (Does not contain DL, cf note and corresponding CVE-2015-7551)
NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
NOTE: Although the is upstream commit mentioned, the corresponding change does not
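Review bot: Style point on the last context line: `NOTE: Although the is upstream commit mentioned` has transposed words and should read "Although the upstream commit is mentioned". Since this entry is being edited anyway, fix the wording in the same commit.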