[Secure-testing-commits] r53788 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jul 22 10:22:22 UTC 2017


Author: carnil
Date: 2017-07-22 10:22:21 +0000 (Sat, 22 Jul 2017)
New Revision: 53788

Modified:
   data/CVE/list
   data/next-oldstable-point-update.txt
Log:
Merge fixed version for uploads to jessie point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-07-22 10:01:11 UTC (rev 53787)
+++ data/CVE/list	2017-07-22 10:22:21 UTC (rev 53788)
@@ -4450,10 +4450,10 @@
 	{DLA-1014-1 DLA-1003-1}
 	- unrar-nonfree 1:5.5.5-1 (bug #865461)
 	[stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
-	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
+	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
 	- libclamunrar 0.99-4 (bug #867223)
 	[stretch] - libclamunrar 0.99-3+deb9u1
-	[jessie] - libclamunrar <no-dsa> (Non-free not supported)
+	[jessie] - libclamunrar 0.99-0+deb8u3
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
 	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
@@ -4553,7 +4553,7 @@
 	{DLA-998-1}
 	- c-ares 1.12.0-4 (bug #865360)
 	[stretch] - c-ares 1.12.0-1+deb9u1
-	[jessie] - c-ares <no-dsa> (Minor issue)
+	[jessie] - c-ares 1.10.0-2+deb8u2
 	NOTE: https://c-ares.haxx.se/adv_20170620.html
 	NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
 CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...)
@@ -6257,25 +6257,25 @@
 CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863318)
-	[jessie] - libonig <no-dsa> (Minor issue)
+	[jessie] - libonig 5.9.5-3.2+deb8u1
 	NOTE: https://github.com/kkos/oniguruma/issues/59
 	NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
 CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863316)
-	[jessie] - libonig <no-dsa> (Minor issue)
+	[jessie] - libonig 5.9.5-3.2+deb8u1
 	NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
 	NOTE: https://github.com/kkos/oniguruma/issues/60
 CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863315)
-	[jessie] - libonig <no-dsa> (Minor issue)
+	[jessie] - libonig 5.9.5-3.2+deb8u1
 	NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
 	NOTE: https://github.com/kkos/oniguruma/issues/58
 CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863314)
-	[jessie] - libonig <no-dsa> (Minor issue)
+	[jessie] - libonig 5.9.5-3.2+deb8u1
 	NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
 	NOTE: https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
 	NOTE: https://github.com/kkos/oniguruma/issues/55
@@ -6288,7 +6288,7 @@
 CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
 	{DLA-958-1}
 	- libonig 6.1.3-2 (bug #863312)
-	[jessie] - libonig <no-dsa> (Minor issue)
+	[jessie] - libonig 5.9.5-3.2+deb8u1
 	NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
 	NOTE: https://github.com/kkos/oniguruma/issues/57
 CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
@@ -7225,7 +7225,7 @@
 	RESERVED
 CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows ...)
 	- flightgear 1:2016.4.4+dfsg-3 (bug #862689)
-	[jessie] - flightgear <no-dsa> (Minor issue)
+	[jessie] - flightgear 3.0.0-5+deb8u2
 	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next)
 	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4)
 	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
@@ -7463,7 +7463,7 @@
 CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...)
 	{DLA-935-1}
 	- lxterminal 0.3.0-2 (low; bug #862098)
-	[jessie] - lxterminal <no-dsa> (Minor issue)
+	[jessie] - lxterminal 0.2.0-1+deb8u1
 	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
 CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 ...)
 	- libcroco <unfixed> (bug #864666; low)
@@ -11436,7 +11436,7 @@
 CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over ...)
 	- rkhunter 1.4.4-1 (bug #866677)
 	[stretch] - rkhunter 1.4.2-6+deb9u1
-	[jessie] - rkhunter <no-dsa> (Minor issue)
+	[jessie] - rkhunter 1.4.2-0.4+deb8u1
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
 	NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
 CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to ...)
@@ -11638,7 +11638,7 @@
 	RESERVED
 CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...)
 	- proftpd-dfsg 1.3.5b-4 (low; bug #859592)
-	[jessie] - proftpd-dfsg <no-dsa> (Minor issue)
+	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
 	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295
 	NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
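Review bot: The `[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2` line added here for CVE-2017-7418, and the identical line added for CVE-2016-3125 in the hunk at -52876, have no matching removal in data/next-oldstable-point-update.txt. Every other package this commit marks as fixed (apt-cacher, w3m, polarssl, lxterminal, tcpdf, flightgear, shutter, libonig, unrar-nonfree, libclamunrar, c-ares, rkhunter) has its pending entry deleted from that file in the same revision. It is worth confirming that 1.3.5-1.1+deb8u2 was actually accepted into the point release, since a wrong fixed version makes the tracker report jessie as not vulnerable. If the proftpd-dfsg version was entered by hand rather than merged from the pending file, the log message should say so, and any proftpd-dfsg entry still left in the pending file should be removed.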
@@ -18837,7 +18837,7 @@
 	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
 CVE-2017-XXXX [multiple new security issues]
 	- w3m 0.5.3-34 (bug #850432)
-	[jessie] - w3m <no-dsa> (Minor issues)
+	[jessie] - w3m 0.5.3-19+deb8u2
 	[wheezy] - w3m <no-dsa> (Minor issues)
 CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before ...)
 	{DSA-3802-1}
@@ -19772,7 +19772,7 @@
 	- serendipity <removed>
 CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...)
 	- shutter 0.93.1-1.3 (bug #849777)
-	[jessie] - shutter <no-dsa> (Minor issue)
+	[jessie] - shutter 0.92-0.1+deb8u2
 	[wheezy] - shutter <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
 CVE-2016-10080
@@ -25551,7 +25551,7 @@
 CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the ...)
 	- mbedtls 2.4.2-1 (bug #857560)
 	- polarssl <removed> (bug #857561)
-	[jessie] - polarssl <no-dsa> (Minor issue)
+	[jessie] - polarssl 1.3.9-2.1+deb8u2
 	[wheezy] - polarssl <not-affected> (Vulnerable code not present)
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
 	NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
@@ -38606,7 +38606,7 @@
 	- apt-cacher 1.7.15 (bug #858739)
 	[buster] - apt-cacher 1.7.13+deb9u1
 	[stretch] - apt-cacher 1.7.13+deb9u1
-	[jessie] - apt-cacher <no-dsa> (Minor issue)
+	[jessie] - apt-cacher 1.7.10+deb8u1
 CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
 	NOT-FOR-US: Sophos UTM
 CVE-2016-7441
@@ -52876,7 +52876,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
 CVE-2016-3125 (The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 ...)
 	- proftpd-dfsg 1.3.5b-1 (bug #818492)
-	[jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
+	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
 	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
 	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
@@ -55706,7 +55706,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
 CVE-2017-6100 (tcpdf before 6.2.0 uploads files from the server generating PDF-files ...)
 	- tcpdf 6.2.12+dfsg2-1 (bug #814030)
-	[jessie] - tcpdf <no-dsa> (Minor issue, will be fixed via point release)
+	[jessie] - tcpdf 6.0.093+dfsg-1+deb8u1
 	NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/
 CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 ...)
 	{DSA-3746-1 DLA-484-1}

Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt	2017-07-22 10:01:11 UTC (rev 53787)
+++ data/next-oldstable-point-update.txt	2017-07-22 10:22:21 UTC (rev 53788)
@@ -4,8 +4,6 @@
 	[jessie] - dosfstools 3.0.27-1+deb8u1
 CVE-2016-7115
 	[jessie] - mactelnet 0.4.0-1+deb8u1
-CVE-2017-7443 [HTTP response splitting]
-	[jessie] - apt-cacher 1.7.10+deb8u1
 CVE-2016-7942
 	[jessie] - libx11 2:1.6.2-3+deb8u1
 CVE-2016-7943
@@ -32,19 +30,6 @@
 	[jessie] - libxrender 1:0.9.8-1+deb8u1
 CVE-2016-7953
 	[jessie] - libxvmc 2:1.0.8-2+deb8u1
-CVE-2017-XXXX [w3m]
-	[jessie] - w3m 0.5.3-19+deb8u2
-	NOTE: For #850432
-CVE-2017-2784
-	[jessie] - polarssl 1.3.9-2.1+deb8u2
-CVE-2016-10369
-	[jessie] - lxterminal 0.2.0-1+deb8u1
-CVE-2017-6100
-	[jessie] - tcpdf 6.0.093+dfsg-1+deb8u1
-CVE-2017-8921
-	[jessie] - flightgear 3.0.0-5+deb8u2
-CVE-2016-10081
-	[jessie] - shutter 0.92-0.1+deb8u2
 CVE-2015-6918
 	[jessie] - salt 2014.1.13+ds-3+deb8u1
 CVE-2015-6941
@@ -53,23 +38,8 @@
 	[jessie] - salt 2014.1.13+ds-3+deb8u1
 CVE-2016-3176
 	[jessie] - salt 2014.1.13+ds-3+deb8u1
-CVE-2017-9229
-	[jessie] - libonig 5.9.5-3.2+deb8u1
-CVE-2017-9228
-	[jessie] - libonig 5.9.5-3.2+deb8u1
-CVE-2017-9227
-	[jessie] - libonig 5.9.5-3.2+deb8u1
-CVE-2017-9226
-	[jessie] - libonig 5.9.5-3.2+deb8u1
-CVE-2017-9224
-	[jessie] - libonig 5.9.5-3.2+deb8u1
-CVE-2012-6706
-	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
-	[jessie] - libclamunrar 0.99-0+deb8u3
 CVE-2017-8296
 	[jessie] - kedpm 1.0+deb8u1
-CVE-2017-1000381
-	[jessie] - c-ares 1.10.0-2+deb8u2
 CVE-2017-11113
 	[jessie] - ncurses 5.9+20140913-1+deb8u1
 CVE-2017-11112
@@ -78,5 +48,3 @@
 	[jessie] - ncurses 5.9+20140913-1+deb8u1
 CVE-2017-10685
 	[jessie] - ncurses 5.9+20140913-1+deb8u1
-CVE-2017-7480
-	[jessie] - rkhunter 1.4.2-0.4+deb8u1



