[Secure-testing-commits] r58191 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Dec 1 18:21:43 UTC 2017 

Author: carnil
Date: 2017-12-01 18:21:43 +0000 (Fri, 01 Dec 2017)
New Revision: 58191

Modified:
   data/CVE/list
Log:
package NOTEs: Switch to sources.debian.org links where previous referencing sources.debian.net

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-01 18:18:50 UTC (rev 58190)
+++ data/CVE/list	2017-12-01 18:21:43 UTC (rev 58191)
@@ -26778,7 +26778,7 @@
 	- lame 3.99.5+repack1-7
 	[wheezy] - lame 3.99.5+repack1-3+deb7u1
 	NOTE: https://sourceforge.net/p/lame/bugs/458/
-	NOTE: Issue addressed in Debian via: https://sources.debian.net/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/
+	NOTE: Issue addressed in Debian via: https://sources.debian.org/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/
 	NOTE: in the revised version as included in 3.99.5+repack1-7
 CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are ...)
 	- kibana <itp> (bug #700337)
@@ -29167,7 +29167,7 @@
 	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
 	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
 	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
-	NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
+	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
 CVE-2017-7740
 	RESERVED
 CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy ...)
@@ -29667,7 +29667,7 @@
 	NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074
 	NOTE: https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236
 	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
-	NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
+	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
 CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" ...)
 	{DLA-928-1}
 	- libsndfile 1.0.27-2
@@ -29675,7 +29675,7 @@
 	NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
 	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/
 	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
-	NOTE: https://sources.debian.net/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
+	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
 CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
 	NOT-FOR-US: Foxit PDF Toolkit
 CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents. ...)
@@ -71973,7 +71973,7 @@
 	- ansible 2.0.1.0-2 (bug #819676)
 	[jessie] - ansible <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
-	NOTE: https://sources.debian.net/src/ansible/2.0.1.0-1/lib/ansible/modules/extras/cloud/lxc/lxc_container.py/?hl=523#L523
+	NOTE: https://sources.debian.org/src/ansible/2.0.1.0-1/lib/ansible/modules/extras/cloud/lxc/lxc_container.py/?hl=523#L523
 CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local ...)
 	NOT-FOR-US: Pulp (Red Hat)
 CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...)
@@ -84017,7 +84017,7 @@
 	[jessie] - salt <no-dsa> (Minor issue)
 	NOTE: For jessie: /var/cache/salt/minion is created with restricted permissions on
 	NOTE: first start of salt-minion in verify_env mitigating the issue, cf.
-	NOTE: https://sources.debian.net/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
+	NOTE: https://sources.debian.org/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
 	NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
 	NOTE: https://github.com/saltstack/salt/issues/28455
 CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...)
@@ -94748,7 +94748,7 @@
 	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
 	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
 	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
-	NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
+	NOTE: https://sources.debian.org/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
 CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for ...)
 	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
@@ -100594,7 +100594,7 @@
 	NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
 	NOTE: Although the is upstream commit mentioned, the corresponding change does not
 	NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
-	NOTE: https://sources.debian.net/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
+	NOTE: https://sources.debian.org/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
 	NOTE: contain the change.
 	NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
 	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220

More information about the Secure-testing-commits mailing list