[Secure-testing-commits] r48026 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 14 13:08:22 UTC 2017
Author: carnil
Date: 2017-01-14 13:08:22 +0000 (Sat, 14 Jan 2017)
New Revision: 48026
Modified:
data/CVE/list
Log:
Add some of the fixes included in 8.7
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 12:10:16 UTC (rev 48025)
+++ data/CVE/list 2017-01-14 13:08:22 UTC (rev 48026)
@@ -19883,7 +19883,7 @@
CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP before ...)
{DLA-620-1}
- libphp-adodb 5.20.6-1 (bug #837211)
- [jessie] - libphp-adodb <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - libphp-adodb 5.15-1+deb8u1
NOTE: https://github.com/ADOdb/ADOdb/issues/226
NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
NOTE: Issue only with the PDO driver and only if queries built by inlining
@@ -20948,7 +20948,7 @@
RESERVED
{DLA-598-1}
- suckless-tools 41-1
- [jessie] - suckless-tools <no-dsa> (Minor issue)
+ [jessie] - suckless-tools 40-1+deb8u2
NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
NOTE: http://s1m0n.dft-labs.eu/files/slock/
NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
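Review bot: The context of this hunk starts at `RESERVED`, so the CVE id that the new `[jessie] - suckless-tools 40-1+deb8u2` line belongs to is not visible in the diff, and the log message ("some of the fixes included in 8.7") does not name it either. Listing the touched packages or CVE ids in the log would let the revision be checked without opening data/CVE/list. The recorded jessie version is 40-based, while the existing NOTE says slock.c was patched to use PAM starting with 41-1, so it is worth confirming against the deb8u2 changelog that the fix applies to the pre-PAM code shipped in jessie.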
@@ -22654,7 +22654,7 @@
CVE-2016-6342 [posting entry as arbitrary username by improper authentication]
RESERVED
- elog 3.1.2-1-1 (bug #836505)
- [jessie] - elog <no-dsa> (Minor issue, can be fixed via a point release)
+ [jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
CVE-2016-6341
@@ -27857,7 +27857,7 @@
CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 ...)
{DLA-630-1}
- zookeeper 3.4.9-1
- [jessie] - zookeeper <no-dsa> (Minor issue, can be fixed in point release)
+ [jessie] - zookeeper 3.4.5+dfsg-2+deb8u1
NOTE: The C cli shell is intended as a sample/example of how to use the C
NOTE: client interface, not as a production tool
NOTE: https://zookeeper.apache.org/security.html#CVE-2016-5017
@@ -28558,6 +28558,7 @@
RESERVED
{DLA-620-1}
- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
+ [jessie] - libphp-adodb 5.15-1+deb8u1
NOTE: https://github.com/ADOdb/ADOdb/issues/274
NOTE: https://jvn.jp/en/jp/JVN48237713/
NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
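Review bot: The added `[jessie] - libphp-adodb 5.15-1+deb8u1` line sits under an entry whose unstable line is tagged `unimportant`, and unlike the other hunks there was no `<no-dsa>` line here to replace (the hunk grows from 6 to 7 lines). Please confirm an explicit jessie version is wanted for an entry already triaged as `unimportant`. The version matches the one recorded for CVE-2016-7405 in the first hunk, which is consistent with a single upload covering both entries, but the CVE id for this entry is outside the hunk context and cannot be cross-checked from the diff alone.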
@@ -40328,7 +40329,7 @@
CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
RESERVED
- duck 0.10
- [jessie] - duck <no-dsa> (Will be fixed via point release)
+ [jessie] - duck 0.7+deb8u1
NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...)
{DSA-3628-1 DLA-584-1 DLA-565-1}