[Secure-testing-commits] r50386 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Apr 5 20:51:29 UTC 2017


Author: jmm
Date: 2017-04-05 20:51:29 +0000 (Wed, 05 Apr 2017)
New Revision: 50386

Modified:
   data/CVE/list
Log:
horizon n/a
mysql-connector-python n/a
dhcpcd5 two n/a, one non-issue
fix links to dhcpcd patches to point to new git links instead, old ones inaccessible


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-05 20:48:23 UTC (rev 50385)
+++ data/CVE/list	2017-04-05 20:51:29 UTC (rev 50386)
@@ -91,6 +91,7 @@
 	NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
 CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 ...)
 	- horizon 3:10.0.1-1 (bug #859559)
+	[jessie] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: https://launchpad.net/bugs/1667086
 CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
 	- ghostscript <undetermined>
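
Review bot: The added `[jessie] - horizon <not-affected> (Vulnerable code not present)` line gives no way to check the claim later. The CVE description only lists 9.x, 10.x and 11.0.0 as affected, so a short NOTE naming the upstream change or release that introduced the vulnerable code would let a reader confirm that the jessie version predates it.
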
@@ -32279,6 +32280,7 @@
 	NOT-FOR-US: Oracle
 CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 2.1.3 and ...)
 	- mysql-connector-python 2.1.5-1 (bug #841677)
+	[jessie] - mysql-connector-python <not-affected> (Vulnerable code not present)
 	[wheezy] - mysql-connector-python <not-affected> (Only the Python 3 code is affected which is not shipped in binary package)
 	NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
 CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
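
Review bot: The new `[jessie]` line for mysql-connector-python uses the generic reason "Vulnerable code not present", while the `[wheezy]` line directly below it gives a specific one (only the Python 3 code is affected and it is not shipped in the binary package). If jessie is unaffected for a different reason, for example because its version predates the affected 2.1.x code, saying so in the parenthetical would keep the two entries from reading as inconsistent.
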
@@ -46179,17 +46181,19 @@
 	NOTE: Introduced in 1.4.36: http://web.archive.org/web/20150906061055/http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976
 CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x ...)
 	- dhcpcd5 6.10.1-1 (bug #810621)
+	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	- dhcpcd <not-affected> (Vulnerable code not present)
-	NOTE: http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
+	NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
 	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
 CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of ...)
 	- dhcpcd5 6.10.1-1 (bug #810620)
+	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
 	- dhcpcd <not-affected> (Vulnerable code not present)
 	[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
-	NOTE: http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
+	NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
 	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
 CVE-2016-XXXX [Missing normalization]
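
Review bot: The replacement NOTE lines for CVE-2016-1503 and CVE-2016-1504 are bare `https://dev.marples.name/rDHC...` URLs whose commit ids share nothing with the old `roy.marples.name/projects/dhcpcd/info/...` hashes, so the tracker no longer shows that the new link is the same fix. A short label on each, such as "Fixed by:", would make the purpose of the link explicit and survive another upstream URL change. This hunk also mixes new triage (`[jessie] - dhcpcd5 <not-affected>`) with link maintenance, which would be easier to audit as two commits.
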
@@ -81154,14 +81158,13 @@
 	RESERVED
 CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
 	{DLA-506-1}
-	- dhcpcd5 <unfixed> (bug #846938)
-	NOTE: Fixed for Android in https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
-	NOTE: Fixed on upstream trunk in http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
+	- dhcpcd5 6.9.1-1 (unimportant; bug #846938)
+	NOTE: https://dev.marples.name/rDHC93f3066bb0bc0974eab1943543205312a6b512ad
+	NOTE: Not exploitable according to upstream, possibly limited to Bionic
 CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in ...)
 	{DLA-506-1}
 	- dhcpcd5 6.9.1-1
-	NOTE: Fixed for Android in https://android.googlesource.com/platform/external/dhcpcd/+/73c09dd8067250734511d955d8f792b41c7213f0%5E!/
-	NOTE: Fixed on upstream trunk in http://roy.marples.name/projects/dhcpcd/ci/d71cfd8aa203bffe?sbs=0
+	NOTE: https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
 CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
 	NOT-FOR-US: Android
 CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...)
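
Review bot: For CVE-2014-7913 the new `- dhcpcd5 6.9.1-1 (unimportant; bug #846938)` line records 6.9.1-1 as the fixed version, but the CVE description one line above says the issue is in dhcpcd "through 6.9.1", which includes that upstream release. A NOTE explaining why 6.9.1-1 counts as fixed (or that the version is nominal because the issue is rated unimportant) would resolve the apparent contradiction. Separately, the "Fixed for Android in" NOTE lines are dropped for both CVE-2014-7913 and CVE-2014-7912 even though the log message only mentions replacing inaccessible dhcpcd links, and the "Fixed on upstream trunk in" wording is lost from the replacement NOTEs. Consider keeping the Android reference and the label.
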



