[Secure-testing-commits] r51367 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 6 12:14:12 UTC 2017
Author: carnil
Date: 2017-05-06 12:14:12 +0000 (Sat, 06 May 2017)
New Revision: 51367
Modified:
data/CVE/list
data/next-point-update.txt
Log:
More CVEs included for Jessie 8.8 release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-06 12:00:39 UTC (rev 51366)
+++ data/CVE/list 2017-05-06 12:14:12 UTC (rev 51367)
@@ -3449,7 +3449,7 @@
RESERVED
{DLA-914-1}
- minicom 2.7-1.1 (bug #860940)
- [jessie] - minicom <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - minicom 2.7-1+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
CVE-2017-7466 [Incomplete fix for CVE-2016-9587]
RESERVED
@@ -7731,7 +7731,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a ...)
- lxc 1:2.0.7-2 (bug #857295)
- [jessie] - lxc <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - lxc 1:1.0.6-6+deb8u6
[wheezy] - lxc <not-affected> (vulnerable code not present)
NOTE: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
NOTE: https://launchpad.net/bugs/1654676
@@ -7965,7 +7965,7 @@
CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting ...)
{DLA-888-1}
- logback 1:1.1.9-3 (bug #857343)
- [jessie] - logback <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - logback 1:1.1.2-1+deb8u1
NOTE: https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
NOTE: https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
NOTE: https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5
@@ -7981,11 +7981,11 @@
NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
- yara 3.5.0+dfsg-9 (bug #859821)
- [jessie] - yara <no-dsa> (Minor issue)
+ [jessie] - yara 3.1.0-2+deb8u1
NOTE: https://github.com/VirusTotal/yara/issues/593
CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
- yara 3.5.0+dfsg-9 (bug #859821)
- [jessie] - yara <no-dsa> (Minor issue)
+ [jessie] - yara 3.1.0-2+deb8u1
NOTE: https://github.com/VirusTotal/yara/issues/597
CVE-2017-5922
RESERVED
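Review bot: the two `[jessie] - yara 3.1.0-2+deb8u1` lines for CVE-2017-5924 and CVE-2017-5923 record a fix in a 3.1.0 package, yet the only NOTE on each entry is an upstream issue link (issues/593 and issues/597) and both descriptions name YARA 3.5.0. A NOTE with the upstream fixing commit on each entry would let a reader audit what was backported to 3.1.0, as the commit links on the logback and libxslt entries in this list already allow.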
@@ -7995,11 +7995,11 @@
RESERVED
CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
- yara 3.5.0+dfsg-9 (bug #859821)
- [jessie] - yara <no-dsa> (Minor issue)
+ [jessie] - yara 3.1.0-2+deb8u1
NOTE: https://github.com/VirusTotal/yara/issues/575
CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial ...)
- yara 3.5.0+dfsg-9 (bug #859821)
- [jessie] - yara <no-dsa> (Minor issue)
+ [jessie] - yara 3.1.0-2+deb8u1
NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
- libarchive <unfixed> (bug #859456)
@@ -11215,7 +11215,7 @@
- chromium-browser 57.0.2987.98-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- libxslt 1.1.29-2.1 (bug #858546)
- [jessie] - libxslt <no-dsa> (Minor issue; can be fixed via point release)
+ [jessie] - libxslt 1.1.28-2+deb8u3
NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
CVE-2017-5028
RESERVED
@@ -14291,12 +14291,12 @@
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...)
{DLA-760-1}
- spip 3.1.4-2 (bug #848641)
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
{DLA-760-1}
- spip 3.1.4-2 (bug #848641)
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2015-8980 [Arbitrary code execution in select_string, ngettext and npgettext count parameter]
RESERVED
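Review bot: on the CVE-2016-9998 and CVE-2016-9997 lines, jessie is now marked fixed in 3.0.17-2+deb8u3 while both descriptions speak of SPIP 3.1.x, and the NOTE cites revision 23288 with no branch label. Other SPIP entries in this list tag their revisions as (master) or (3.1); a NOTE naming the revision applied to the 3.0 package, or stating that 3.0 is affected, would make the jessie line self-explanatory.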
@@ -24742,7 +24742,7 @@
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
{DLA-738-1}
- spip 3.1.4-2 (bug #847156)
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...)
NOT-FOR-US: PAN-OS
@@ -28734,7 +28734,7 @@
CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote ...)
{DLA-695-1}
- spip 3.1.3-1
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
@@ -28743,7 +28743,7 @@
CVE-2016-7998 (The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows ...)
{DLA-695-1}
- spip 3.1.3-1
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
NOTE: https://core.spip.net/projects/spip/repository/revisions/23186 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
@@ -28808,7 +28808,7 @@
CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...)
{DLA-695-1}
- spip 3.1.3-1
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
@@ -28829,7 +28829,7 @@
CVE-2016-7981 (Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP ...)
{DLA-695-1}
- spip 3.1.3-1
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
@@ -28838,7 +28838,7 @@
CVE-2016-7980 (Cross-site request forgery (CSRF) vulnerability in ...)
{DLA-695-1}
- spip 3.1.3-1
- [jessie] - spip <no-dsa> (Will be fixed in next jessie point update)
+ [jessie] - spip 3.0.17-2+deb8u3
NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
@@ -57904,7 +57904,7 @@
RESERVED
{DLA-913-1}
- activemq 5.14.3-3 (bug #860866)
- [jessie] - activemq <no-dsa> (Minor issue)
+ [jessie] - activemq 5.6.0+dfsg1-4+deb8u3
NOTE: Upstream commit: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
NOTE: https://issues.apache.org/jira/browse/AMQ-6470
CVE-2015-7558 (librsvg before 2.40.12 allows context-dependent attackers to cause a ...)
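Review bot: the NOTE under the changed `[jessie] - activemq 5.6.0+dfsg1-4+deb8u3` line cites the upstream commit only by the abbreviated hash `h=b8fc78e`. Since this entry is being touched anyway, replacing it with the full commit hash would give a more durable reference for anyone checking the backport against upstream 5.14.3-3.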
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2017-05-06 12:00:39 UTC (rev 51366)
+++ data/next-point-update.txt 2017-05-06 12:14:12 UTC (rev 51367)
@@ -100,37 +100,3 @@
[jessie] - erlang 1:17.3-dfsg-4+deb8u1
CVE-2017-7443 [HTTP response splitting]
[jessie] - apt-cacher 1.7.10+deb8u1
-CVE-2017-5929
- [jessie] - logback 1:1.1.2-1+deb8u1
-CVE-2017-5029
- [jessie] - libxslt 1.1.28-2+deb8u3
-CVE-2017-5985
- [jessie] - lxc 1:1.0.6-6+deb8u6
-CVE-2016-10210
- [jessie] - yara 3.1.0-2+deb8u1
-CVE-2016-10211
- [jessie] - yara 3.1.0-2+deb8u1
-CVE-2017-5923
- [jessie] - yara 3.1.0-2+deb8u1
-CVE-2017-5924
- [jessie] - yara 3.1.0-2+deb8u1
-CVE-2017-7467
- [jessie] - minicom 2.7-1+deb8u1
-CVE-2016-7980
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-7981
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-7982
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-7998
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-7999
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-9152
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-9997
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2016-9998
- [jessie] - spip 3.0.17-2+deb8u3
-CVE-2015-7559
- [jessie] - activemq 5.6.0+dfsg1-4+deb8u3
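Review bot: dropping the tail of data/next-point-update.txt is only correct if every removed CVE gained the same jessie version in data/CVE/list in this revision. The 17 entries removed here do line up with the 17 `[jessie]` lines changed there, with identical versions, but for CVE-2017-5029 (libxslt), CVE-2017-7467 (minicom) and CVE-2015-7559 (activemq) the CVE header falls outside the data/CVE/list hunk context, so the match rests on package name and version alone. Naming the packages in the log message would make the move traceable without reading the diff.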