[Secure-testing-commits] r48028 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 14 13:19:50 UTC 2017
Author: carnil
Date: 2017-01-14 13:19:50 +0000 (Sat, 14 Jan 2017)
New Revision: 48028
Modified:
data/CVE/list
Log:
More fixes from 8.7 recorded
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 13:08:28 UTC (rev 48027)
+++ data/CVE/list 2017-01-14 13:19:50 UTC (rev 48028)
@@ -15772,7 +15772,7 @@
RESERVED
CVE-2016-XXXX [dbus format string vulnerability]
- dbus 1.10.12-1
- [jessie] - dbus <no-dsa> (Minor issue)
+ [jessie] - dbus 1.8.22-0+deb8u1
[wheezy] - dbus <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
NOTE: Versions affected: dbus >= 1.4.0
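Review bot: the added jessie line records 1.8.22-0+deb8u1, and the -0+deb8u1 revision suggests a new upstream release was imported rather than a patch backported, yet the NOTEs give only the bug URL and "dbus >= 1.4.0". Consider adding a NOTE naming the upstream 1.8.x release that carries the fix; it would also help anyone revisiting the wheezy <no-dsa> line left unchanged just below.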
@@ -16138,7 +16138,7 @@
CVE-2016-1000247 [mpg123 memory overread]
{DLA-655-1}
- mpg123 1.23.8-1 (low; bug #838960)
- [jessie] - mpg123 <no-dsa> (Minor issue)
+ [jessie] - mpg123 1.20.1-2+deb8u1
NOTE: http://mpg123.org/bugs/240
CVE-2016-XXXX [nspr, nss: unprotected environment variables]
- nspr 2:4.12-1 (low)
@@ -16412,7 +16412,7 @@
RESERVED
{DLA-722-1}
- irssi 0.8.20-2 (bug #838762)
- [jessie] - irssi <no-dsa> (Can be fixed in point release, minor issue)
+ [jessie] - irssi 0.8.17-1+deb8u2
NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
NOTE: https://irssi.org/2016/09/22/buf.pl-update/
NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
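Review bot: the "Fixed by" NOTE under the new jessie line points to a commit in the scripts.irssi.org repository, while the fixed version is recorded against the irssi source package. A short NOTE stating that the affected script (buf.pl, per the irssi.org URL) is shipped by the irssi package would make clear why 0.8.17-1+deb8u2 closes the issue.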
@@ -16672,7 +16672,7 @@
RESERVED
CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...)
- gnutls28 3.5.3-4
- [jessie] - gnutls28 <no-dsa> (Minor issue)
+ [jessie] - gnutls28 3.3.8-6+deb8u4
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
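Review bot: the added line gives 3.3.8-6+deb8u4 as the jessie fixed version, and a +deb8u4 suffix implies earlier jessie updates of gnutls28 exist. Check the package changelog to confirm CVE-2016-7444 was first fixed in +deb8u4 and not in a previous upload, since this field is read as the first fixed version.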
@@ -18857,7 +18857,7 @@
RESERVED
{DLA-680-1}
- bash 4.4-1
- [jessie] - bash <no-dsa> (Minor issue)
+ [jessie] - bash 4.3-11+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
NOTE: Wheezy are affected.
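Review bot: the NOTE on the last two context lines still says bash in Jessie and Wheezy are affected, and it now sits directly under a jessie line carrying a fixed version. Consider rewording it to say which versions were affected, so it does not read as contradicting "[jessie] - bash 4.3-11+deb8u1".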
@@ -34133,14 +34133,14 @@
RESERVED
{DLA-454-1}
- minissdpd 1.2.20130907-3.2 (bug #816759)
- [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via point release)
+ [jessie] - minissdpd 1.2.20130907-3+deb8u1
NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
CVE-2016-3179
RESERVED
{DLA-454-1}
- minissdpd 1.2.20130907-3.2 (bug #816759)
- [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via point release)
+ [jessie] - minissdpd 1.2.20130907-3+deb8u1
NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...)
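Review bot: both minissdpd entries in this hunk are given the same jessie version, but their NOTEs reference different upstream commits (b238cade... for the first entry, 140ee8d2... for CVE-2016-3179). Confirm that 1.2.20130907-3+deb8u1 contains both commits before marking both entries fixed. The first entry's CVE id lies above the hunk context, so it is also worth checking that it is the intended entry.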
@@ -42576,6 +42576,7 @@
CVE-2016-0634 [bash prompt expanding return value from gethostname()]
RESERVED
- bash 4.4-1 (unimportant)
+ [jessie] - bash 4.3-11+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
NOTE: Fixed bin Bash upstream bash-4.4
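Review bot: the NOTE in the trailing context reads "Fixed bin Bash upstream bash-4.4"; since this entry is being edited anyway, correct it to "Fixed in Bash upstream bash-4.4". The unstable line is tagged (unimportant) while the new jessie line records a plain fixed version, so a quick check that this matches the intended triage of CVE-2016-0634 would be useful.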
@@ -44469,7 +44470,7 @@
[wheezy] - ufraw <not-affected> (Vulnerable code not present)
[squeeze] - ufraw <not-affected> (Vulnerable code not present)
- rawtherapee 4.2.1241-2
- [jessie] - rawtherapee <no-dsa> (Minor issue)
+ [jessie] - rawtherapee 4.2-1+deb8u2
[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
- exactimage 0.9.1-13
@@ -57860,7 +57861,7 @@
[wheezy] - freeimage <no-dsa> (Minor issue)
[squeeze] - freeimage <no-dsa> (Minor issue)
- darktable 1.6.7-1 (bug #786792)
- [jessie] - darktable <no-dsa> (Minor issue)
+ [jessie] - darktable 1.4.2-1+deb8u1
[wheezy] - darktable <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2015-006.html
NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start