[Secure-testing-commits] r58385 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 9 10:17:30 UTC 2017


Author: carnil
Date: 2017-12-09 10:17:30 +0000 (Sat, 09 Dec 2017)
New Revision: 58385

Modified:
   data/CVE/list
Log:
Review changes for 8.10 included via jessie-pu

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-09 09:36:06 UTC (rev 58384)
+++ data/CVE/list	2017-12-09 10:17:30 UTC (rev 58385)
@@ -3909,7 +3909,7 @@
 	- fig2dev 1:3.2.6a-5 (bug #881143)
 	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
 	- transfig <removed>
-	[jessie] - transfig <no-dsa> (Minor issue)
+	[jessie] - transfig 1:3.2.5.e-4+deb8u1
 	[wheezy] - transfig <no-dsa> (Minor issue)
 CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...)
 	- ming <removed>
@@ -4969,7 +4969,7 @@
 CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...)
 	{DLA-1185-1}
 	- sam2p <removed>
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/16
 CVE-2017-16662
 	RESERVED
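Review bot: CVE-2017-16663 is described as affecting sam2p 0.49.4 and is tracked in upstream issue #16, yet the new `[jessie]` line gives the same fixed version, 0.49.2-3+deb8u1, that this commit assigns to the issue #14 CVEs (CVE-2017-14628 through CVE-2017-14637). Please confirm from the 0.49.2-3+deb8u1 changelog that the issue #16 patch is part of that upload; if it is not, this entry should stay `<no-dsa>` until an upload carries it.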
@@ -7164,7 +7164,7 @@
 CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
 	- ruby-ox 2.8.2-1 (bug #881445)
 	[stretch] - ruby-ox 2.1.1-2+deb9u1
-	[jessie] - ruby-ox <no-dsa> (Minor issue)
+	[jessie] - ruby-ox 2.1.1-2+deb8u1
 	NOTE: https://github.com/ohler55/ox/issues/194
 	NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
 CVE-2017-15927
@@ -9417,7 +9417,7 @@
 	RESERVED
 	- pdns-recursor 4.0.7-1
 	[stretch] - pdns-recursor 4.0.4-1+deb9u2
-	[jessie] - pdns-recursor <no-dsa> (Minor issue)
+	[jessie] - pdns-recursor 3.6.2-2+deb8u4
 	[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later)
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
 	NOTE: https://downloads.powerdns.com/patches/2017-06/
@@ -9433,7 +9433,7 @@
 	RESERVED
 	- pdns 4.0.5-1
 	[stretch] - pdns 4.0.3-1+deb9u2
-	[jessie] - pdns <no-dsa> (Minor issue)
+	[jessie] - pdns 3.4.1-4+deb8u8
 	[wheezy] - pdns <not-affected> (Vulnerable code not present)
 	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
 	NOTE: https://downloads.powerdns.com/patches/2017-04/
@@ -9958,7 +9958,7 @@
 CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...)
 	- icu 57.1-7 (bug #878840)
 	[stretch] - icu 57.1-6+deb9u1
-	[jessie] - icu <postponed> (Should be fixed along in future update)
+	[jessie] - icu 52.1-8+deb8u6
 	[wheezy] - icu <postponed> (Can be fixed in next update)
 	NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
 	NOTE: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
@@ -10579,7 +10579,7 @@
 	{DLA-1192-1}
 	- libofx 1:0.9.11-5 (bug #877442)
 	[stretch] - libofx 1:0.9.10-2+deb9u1
-	[jessie] - libofx <no-dsa> (Minor issue)
+	[jessie] - libofx 1:0.9.10-1+deb8u1
 	NOTE: https://github.com/libofx/libofx/issues/10
 	NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
 CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before ...)
@@ -10645,7 +10645,7 @@
 	{DLA-1111-1}
 	- weechat 1.9.1-1 (bug #876553)
 	[stretch] - weechat 1.6-1+deb9u2
-	[jessie] - weechat <no-dsa> (Minor issue; requires a malicious IRC server)
+	[jessie] - weechat 1.0.1-1+deb8u2
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
 CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...)
 	NOT-FOR-US: EPESI
@@ -10840,12 +10840,12 @@
 CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 5)
 CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
 CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...)
 	{DSA-4021-1 DLA-1119-1}
@@ -10884,22 +10884,22 @@
 CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 1)
 CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 6)
 CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 3)
 CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
 	{DLA-1127-1}
 	- sam2p <removed> (bug #876744)
-	[jessie] - sam2p <no-dsa> (Minor issue)
+	[jessie] - sam2p 0.49.2-3+deb8u1
 	NOTE: https://github.com/pts/sam2p/issues/14 (bug 2)
 CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
 	NOT-FOR-US: CyberLink LabelPrint
@@ -12061,7 +12061,7 @@
 CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
 	- libwpd 0.10.2-1 (bug #876001)
 	[stretch] - libwpd 0.10.1-5+deb9u1
-	[jessie] - libwpd <no-dsa> (Minor issue)
+	[jessie] - libwpd 0.10.0-2+deb8u1
 	[wheezy] - libwpd <not-affected> (Vulnerable code do not exist)
 	NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
 	NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
@@ -13478,43 +13478,43 @@
 CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
 CVE-2017-13733 (There is an illegal address access in the fmt_entry function in ...)
 	- ncurses 6.0+20170902-1 (bug #873746)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
 CVE-2017-13732 (There is an illegal address access in the function dump_uses() in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
 CVE-2017-13731 (There is an illegal address access in the function ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
 CVE-2017-13730 (There is an illegal address access in the function ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
 CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
 CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...)
 	- ncurses 6.0+20170827-1 (bug #873723)
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
 CVE-2017-13727 (There is a reachable assertion abort in the function ...)
@@ -13641,7 +13641,7 @@
 CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
 	- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
 	[stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
-	[jessie] - flightgear <no-dsa> (Minor issue)
+	[jessie] - flightgear 3.0.0-5+deb8u3
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
 CVE-2017-13705
 	RESERVED
@@ -20418,7 +20418,7 @@
 	{DLA-1058-1}
 	- krb5 1.15.1-2 (bug #869260)
 	[stretch] - krb5 1.15-1+deb9u1
-	[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
+	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
 	NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
 CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 ...)
 	NOT-FOR-US: shoco
@@ -21334,13 +21334,13 @@
 CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
 	- ncurses 6.0+20170701-1
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
 CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...)
 	- ncurses 6.0+20170701-1
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
 CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
@@ -22460,13 +22460,13 @@
 CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entry ...)
 	- ncurses 6.0+20170701-1
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
 CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry ...)
 	- ncurses 6.0+20170708-1
 	[stretch] - ncurses 6.0+20161126-1+deb9u1
-	[jessie] - ncurses <no-dsa> (Minor issue)
+	[jessie] - ncurses 5.9+20140913-1+deb8u1
 	[wheezy] - ncurses <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
 CVE-2017-10683 (In mpg123 1.25.0, there is a heap-based buffer over-read in the ...)
@@ -24418,7 +24418,7 @@
 	{DLA-1137-1 DLA-1136-1 DLA-1135-1}
 	- db5.3 5.3.28-13.1 (bug #872436)
 	[stretch] - db5.3 5.3.28-12+deb9u1
-	[jessie] - db5.3 <no-dsa> (Minor issue; will be fixed via point release)
+	[jessie] - db5.3 5.3.28-9+deb8u1
 	- db5.2 <removed>
 	- db5.1 <removed>
 	- db4.8 <removed>
@@ -24431,7 +24431,7 @@
 	- db4.1 <removed>
 	- db4.0 <removed>
 	- db <removed>
-	[jessie] - db <no-dsa> (Minor issue; will be fixed via point release)
+	[jessie] - db 5.1.29-9+deb8u1
 	NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
 	NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
 	NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
@@ -24887,7 +24887,7 @@
 	{DLA-1036-1}
 	- gsoap 2.8.48-1
 	[stretch] - gsoap 2.8.35-4+deb9u1
-	[jessie] - gsoap <no-dsa> (Minor issue)
+	[jessie] - gsoap 2.8.17-1+deb8u1
 	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
 	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
 	NOTE: SuSE patch: https://bugzilla.suse.com/attachment.cgi?id=733005
@@ -25512,7 +25512,7 @@
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
 	- kdepim 4:16.04.3-4 (bug #864804)
 	[stretch] - kdepim 4:16.04.3-4~deb9u1
-	[jessie] - kdepim <no-dsa> (Minor issue)
+	[jessie] - kdepim 4:4.14.1-1+deb8u1
 	[wheezy] - kdepim <not-affected> (sendlater issue is not present in kdepim-4.4.11.1+l10n)
 	- kf5-messagelib 4:16.04.3-3 (bug #864803)
 	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
@@ -26569,7 +26569,7 @@
 	- sudo 1.8.20p1-1.1 (bug #863897)
 	[buster] - sudo 1.8.19p1-2.1
 	[stretch] - sudo 1.8.19p1-2.1
-	[jessie] - sudo <no-dsa> (Minor issue)
+	[jessie] - sudo 1.8.10p3-1+deb8u5
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
 	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
 CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ...)
@@ -29527,8 +29527,9 @@
 CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is ...)
 	{DLA-925-1}
 	- kedpm <removed> (bug #860817)
-	[jessie] - kedpm <no-dsa> (Minor issue, can be fixed via point release)
-	NOTE: patch in BTS gives workaround to always prompt for password and do not save to database
+	[jessie] - kedpm 1.0+deb8u1
+	NOTE: patch in BTS gives workaround to always prompt for password and do not save
+	NOTE: to database.
 	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
 CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...)
 	{DSA-3870-1 DLA-975-1}
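Review bot: the rewrap of the BTS NOTE in the CVE-2017-8296 entry is unrelated to the status change and splits one sentence across two `NOTE:` lines, so a grep for the note now returns only half of it. Consider leaving the original single-line NOTE as it was and changing only the `[jessie]` line here, or doing the rewrap in a separate commit so the status update stays a one-line change like the other entries.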
@@ -43364,7 +43365,7 @@
 CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, ...)
 	{DLA-921-1}
 	- slurm-llnl 16.05.8-1 (bug #850491)
-	[jessie] - slurm-llnl <no-dsa> (Minor issue)
+	[jessie] - slurm-llnl 14.03.9-5+deb8u1
 	NOTE: https://www.schedmd.com/news.php?id=178
 	NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
 CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...)
@@ -46963,7 +46964,7 @@
 	{DLA-1192-1}
 	- libofx 1:0.9.11-4 (bug #875801)
 	[stretch] - libofx 1:0.9.10-2+deb9u1
-	[jessie] - libofx <no-dsa> (Minor issue)
+	[jessie] - libofx 1:0.9.10-1+deb8u1
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
 	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
 	NOTE: https://github.com/libofx/libofx/issues/9
@@ -46982,7 +46983,7 @@
 CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
 	- python-tablib 0.9.11-3 (bug #864818)
 	[stretch] - python-tablib 0.9.11-2+deb8u1
-	[jessie] - python-tablib <no-dsa> (Minor issue)
+	[jessie] - python-tablib 0.9.11-2+deb8u1
 	NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
 	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
 CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...)
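Review bot: in the CVE-2017-2810 entry the new `[jessie] - python-tablib 0.9.11-2+deb8u1` is identical to the version on the unchanged `[stretch]` line directly above it, and a `+deb8u1` suffix denotes a jessie upload. One of the two lines is likely wrong; the `[stretch]` line probably wants a `+deb9u` version, so check both against the archive and correct the stretch entry in this commit or a follow-up.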
@@ -58986,17 +58987,17 @@
 CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X ...)
 	{DLA-671-1}
 	- libxvmc 2:1.0.10-1 (low; bug #840445)
-	[jessie] - libxvmc <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxvmc 2:1.0.8-2+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
 CVE-2016-7952 (X.org libXtst before 1.2.3 allows remote X servers to cause a denial ...)
 	{DLA-686-1}
 	- libxtst 2:1.2.3-1 (low; bug #840444)
-	[jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxtst 2:1.2.2-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
 CVE-2016-7951 (Multiple integer overflows in X.org libXtst before 1.2.3 allow remote ...)
 	{DLA-686-1}
 	- libxtst 2:1.2.3-1 (low; bug #840444)
-	[jessie] - libxtst <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxtst 2:1.2.2-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
 CVE-2016-7950 (The XRenderQueryFilters function in X.org libXrender before 0.9.10 ...)
 	{DLA-664-1}
@@ -59011,39 +59012,39 @@
 CVE-2016-7948 (X.org libXrandr before 1.5.1 allows remote X servers to trigger ...)
 	{DLA-660-1}
 	- libxrandr 2:1.5.1-1 (low; bug #840441)
-	[jessie] - libxrandr <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxrandr 2:1.4.2-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7947 (Multiple integer overflows in X.org libXrandr before 1.5.1 allow ...)
 	{DLA-660-1}
 	- libxrandr 2:1.5.1-1 (low; bug #840441)
-	[jessie] - libxrandr <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxrandr 2:1.4.2-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
 CVE-2016-7946 (X.org libXi before 1.7.7 allows remote X servers to cause a denial of ...)
 	{DLA-685-1}
 	- libxi 2:1.7.8-1 (low; bug #840440)
-	[jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxi 2:1.7.4-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
 	NOTE: Regression: https://bugs.freedesktop.org/98204
 CVE-2016-7945 (Multiple integer overflows in X.org libXi before 1.7.7 allow remote X ...)
 	{DLA-685-1}
 	- libxi 2:1.7.8-1 (low; bug #840440)
-	[jessie] - libxi <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxi 2:1.7.4-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
 	NOTE: Regression: https://bugs.freedesktop.org/98204
 CVE-2016-7944 (Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms ...)
 	{DLA-654-1}
 	- libxfixes 1:5.0.3-1 (low; bug #840442)
-	[jessie] - libxfixes <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxfixes 1:5.0.1-2+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
 CVE-2016-7943 (The XListFonts function in X.org libX11 before 1.6.4 might allow ...)
 	{DLA-684-1}
 	- libx11 2:1.6.4-1 (low; bug #840439)
-	[jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libx11 2:1.6.2-3+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
 CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow remote ...)
 	{DLA-684-1}
 	- libx11 2:1.6.4-1 (low; bug #840439)
-	[jessie] - libx11 <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libx11 2:1.6.2-3+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
 CVE-2016-7941
 	RESERVED
@@ -66960,7 +66961,7 @@
 CVE-2016-5407 (The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org ...)
 	{DLA-667-1}
 	- libxv 2:1.0.11-1 (low; bug #840438)
-	[jessie] - libxv <no-dsa> (Minor issue, will be fixed in a point release)
+	[jessie] - libxv 2:1.0.10-1+deb8u1
 	NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
 CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
 	NOT-FOR-US: JBoss EAP
@@ -74241,13 +74242,13 @@
 	RESERVED
 CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key Distribution ...)
 	- krb5 1.14.3+dfsg-1 (bug #832572)
-	[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
+	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
 	[wheezy] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	NOTE: https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
 	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
 CVE-2016-3119 (The process_db_args function in ...)
 	- krb5 1.14.2+dfsg-1 (bug #819468)
-	[jessie] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
+	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
 	[wheezy] - krb5 <no-dsa> (Minor issue; can be fixed along with a future DSA)
 	NOTE: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
 CVE-2016-3118 (CRLF injection vulnerability in CA API Gateway (formerly Layer7 API ...)
@@ -101714,7 +101715,7 @@
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
 CVE-2015-2694 (The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x ...)
 	- krb5 1.12.1+dfsg-20 (bug #783557)
-	[jessie] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
+	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
 	[wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
 	[squeeze] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
@@ -114059,7 +114060,7 @@
 CVE-2014-8184 [stack-based buffer overflow in findTable()]
 	RESERVED
 	- liblouis 2.6.2-1 (bug #880621)
-	[jessie] - liblouis <no-dsa> (Minor issue)
+	[jessie] - liblouis 2.5.3-3+deb8u1
 	[wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)
 	NOTE: https://github.com/liblouis/liblouis/issues/425
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701



