[Secure-testing-commits] r44851 - in data: . CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Sep 23 19:33:28 UTC 2016
Author: jmm
Date: 2016-09-23 19:33:28 +0000 (Fri, 23 Sep 2016)
New Revision: 44851
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
imagemagick DSA
more openssl fixes in experimental
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-23 19:23:59 UTC (rev 44850)
+++ data/CVE/list 2016-09-23 19:33:28 UTC (rev 44851)
@@ -3090,6 +3090,7 @@
CVE-2016-XXXX [SGI security bug]
[experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836776)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7405 [incorrect quoting may allow SQL injection]
RESERVED
{DLA-620-1}
@@ -3344,9 +3345,11 @@
CVE-2016-XXXX [Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report from Donghai Zhu)]
[experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836172)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-XXXX [TIFF divide by zero]
[experimental] - imagemagick 8:6.9.5.9+dfsg-1
- imagemagick <unfixed> (bug #836171)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image ...)
{DLA-609-1}
- linux <not-affected>
@@ -5815,11 +5818,13 @@
RESERVED
CVE-2016-6308
RESERVED
+ [experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6307
RESERVED
+ [experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
NOTE: https://www.openssl.org/news/secadv/20160922.txt
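Review bot: The new "[experimental] - openssl 1.1.0a-1" lines under CVE-2016-6308 and CVE-2016-6307 come without a "NOTE: Fixed in 1.1.0a" line, which the CVE-2016-6305 entry further down in this file carries. Adding the same note to both entries would keep the three 1.1-only issues consistent and make the upstream fixed version readable without following the commit links.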
@@ -5832,6 +5837,7 @@
NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6305 [SSL_peek() hang on empty record]
RESERVED
+ [experimental] - openssl 1.1.0a-1
- openssl <not-affected> (Only affects 1.1)
NOTE: https://www.openssl.org/news/secadv/20160922.txt
NOTE: Fixed in 1.1.0a
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2016-09-23 19:23:59 UTC (rev 44850)
+++ data/DSA/list 2016-09-23 19:33:28 UTC (rev 44851)
@@ -1,3 +1,5 @@
+[23 Sep 2016] DSA-3675-1 imagemagick - security update
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u5
[22 Sep 2016] DSA-3674-1 firefox-esr - security update
{CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284}
[jessie] - firefox-esr 45.4.0esr-1~deb8u2
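Review bot: The new DSA-3675-1 entry has no {CVE-...} line, unlike DSA-3674-1 directly below it, so nothing in this file ties the advisory to the issues it fixes. The three imagemagick entries touched in data/CVE/list in this revision are CVE-2016-XXXX placeholders, which would explain the omission; once ids are assigned, the cross-reference should be added here.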
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-09-23 19:23:59 UTC (rev 44850)
+++ data/dsa-needed.txt 2016-09-23 19:33:28 UTC (rev 44851)
@@ -18,9 +18,6 @@
--
icu
--
-imagemagick
- For regression fixes for last DSA at least, maybe as well new issues
---
libarchive (carnil)
--
libical
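Review bot: The removed imagemagick entry gave two reasons for a DSA ("For regression fixes for last DSA at least, maybe as well new issues"), but the log message says only "imagemagick DSA" and the DSA-3675-1 entry carries no description. Stating in the log whether the regression fixes went into 8:6.8.9.9-5+deb8u5 would document that both items are closed by this removal.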