[Secure-testing-commits] r51368 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 6 12:28:55 UTC 2017
Author: carnil
Date: 2017-05-06 12:28:55 +0000 (Sat, 06 May 2017)
New Revision: 51368
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Merge more fixes landing in jessie via 8.8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-06 12:14:12 UTC (rev 51367)
+++ data/CVE/list 2017-05-06 12:28:55 UTC (rev 51368)
@@ -2342,10 +2342,10 @@
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...)
- gnutls28 3.5.8-4
- [jessie] - gnutls28 <no-dsa> (Minor issue)
+ [jessie] - gnutls28 3.3.8-6+deb8u5
- gnutls26 <removed>
[wheezy] - gnutls26 <no-dsa> (Minor issue)
- NOTE: OpenPGP-related
+ NOTE: OpenPGP-related issue
NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3
@@ -4555,7 +4555,7 @@
RESERVED
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of ...)
- erlang 1:19.2.1+dfsg-2 (bug #858313)
- [jessie] - erlang <no-dsa> (Minor issue)
+ [jessie] - erlang 1:17.3-dfsg-4+deb8u1
[wheezy] - erlang <not-affected> (Vulnerable code not present)
NOTE: https://github.com/erlang/otp/pull/1108
CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the ...)
@@ -6115,7 +6115,7 @@
{DLA-851-1}
- wget 1.19.1-2 (bug #857073)
[stretch] - wget 1.18-5
- [jessie] - wget <no-dsa> (Minor issue)
+ [jessie] - wget 1.16-1+deb8u2
NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function ...)
@@ -6803,13 +6803,13 @@
CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
{DLA-850-1}
- vim 2:8.0.0197-3 (bug #856266)
- [jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - vim 2:7.4.488-7+deb8u3
- neovim 0.1.7-4
NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occur ...)
{DLA-850-1}
- vim 2:8.0.0197-3 (bug #856266)
- [jessie] - vim <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - vim 2:7.4.488-7+deb8u3
- neovim 0.1.7-4
NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows ...)
@@ -10662,31 +10662,31 @@
NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
- gnutls28 3.5.8-1
- [jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
+ [jessie] - gnutls28 3.3.8-6+deb8u5
- gnutls26 <removed>
[wheezy] - gnutls26 <no-dsa> (Minor issue)
- NOTE: OpenPGP-related
+ NOTE: OpenPGP-related issue
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in ...)
- gnutls28 3.5.8-1
- [jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
+ [jessie] - gnutls28 3.3.8-6+deb8u5
- gnutls26 <removed>
[wheezy] - gnutls26 <no-dsa> (Minor issue)
- NOTE: OpenPGP-related
+ NOTE: OpenPGP-related issue
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS ...)
- gnutls28 3.5.8-1
- [jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
+ [jessie] - gnutls28 3.3.8-6+deb8u5
- gnutls26 <removed>
[wheezy] - gnutls26 <no-dsa> (Minor issue)
- NOTE: OpenPGP-related
+ NOTE: OpenPGP-related issue
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
- gnutls28 3.5.8-1
- [jessie] - gnutls28 <no-dsa> (Minor issue, will be fixed via point update)
+ [jessie] - gnutls28 3.3.8-6+deb8u5
NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitrary ...)
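Review bot: the NOTE rewording from `NOTE: OpenPGP-related` to `NOTE: OpenPGP-related issue` under CVE-2017-5337, CVE-2017-5336 and CVE-2017-5335 (and under CVE-2017-7869 in the first hunk) is a cosmetic change unrelated to the log message "Merge more fixes landing in jessie via 8.8". Either mention it in the log or commit it separately, so that the history of this revision shows only the `[jessie] - gnutls28 3.3.8-6+deb8u5` status changes.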
@@ -22835,22 +22835,22 @@
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
- nvidia-graphics-drivers 375.39-1 (bug #855277)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.102-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a ...)
- nvidia-graphics-drivers 375.39-1 (bug #855277)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.102-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0316
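Review bot: the jessie versions recorded under CVE-2017-0321 and CVE-2017-0318, `nvidia-graphics-drivers 340.102-1` and `nvidia-graphics-drivers-legacy-304xx 304.135-1`, carry no `+deb8u` suffix, unlike the other jessie entries touched in this commit, and 340.102-1 is the same string listed as the unstable fix for nvidia-graphics-drivers-legacy-340xx. Both match the lines removed from data/next-point-update.txt, so the merge is consistent with the pending list, but it is worth confirming that these are the versions actually shipped in the point release before the `<no-dsa> (Non-free not supported)` reason is dropped.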
@@ -22865,25 +22865,25 @@
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...)
- nvidia-graphics-drivers 375.39-1 (bug #855277)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.102-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
- nvidia-graphics-drivers 375.39-1 (bug #855277)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.102-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
- nvidia-graphics-drivers 375.39-1 (bug #855277)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.102-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0307 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -30341,18 +30341,18 @@
NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
- dropbear 2016.74-1
- [jessie] - dropbear <no-dsa> (Minor issue)
+ [jessie] - dropbear 2014.65-1+deb8u1
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows ...)
{DLA-634-1}
- dropbear 2016.74-1
- [jessie] - dropbear <no-dsa> (Minor issue)
+ [jessie] - dropbear 2014.65-1+deb8u1
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows ...)
{DLA-634-1}
- dropbear 2016.74-1
- [jessie] - dropbear <no-dsa> (Minor issue)
+ [jessie] - dropbear 2014.65-1+deb8u1
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
CVE-2016-7404
RESERVED
@@ -32079,9 +32079,9 @@
RESERVED
{DLA-794-1}
- groovy 2.4.8-1 (bug #851408)
- [jessie] - groovy <no-dsa> (Minor issue)
+ [jessie] - groovy 1.8.6-4+deb8u2
- groovy2 <removed>
- [jessie] - groovy2 <no-dsa> (Minor issue)
+ [jessie] - groovy2 2.2.2+dfsg-3+deb8u2
CVE-2016-6813
RESERVED
CVE-2016-6812
@@ -44944,7 +44944,7 @@
NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows ...)
- dropbear 2016.72-1
- [jessie] - dropbear <no-dsa> (Minor issue)
+ [jessie] - dropbear 2014.65-1+deb8u1
[wheezy] - dropbear <no-dsa> (Minor issue)
NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
NOTE: Fixed in 2016.72 upstream
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2017-05-06 12:14:12 UTC (rev 51367)
+++ data/next-point-update.txt 2017-05-06 12:28:55 UTC (rev 51368)
@@ -4,6 +4,8 @@
[jessie] - dosfstools 3.0.27-1+deb8u1
CVE-2016-7115
[jessie] - mactelnet 0.4.0-1+deb8u1
+CVE-2017-7443 [HTTP response splitting]
+ [jessie] - apt-cacher 1.7.10+deb8u1
CVE-2016-8605
[jessie] - guile-2.0 2.0.11+1-9+deb8u1
CVE-2016-8606
@@ -51,52 +53,3 @@
[jessie] - libxrender 1:0.9.8-1+deb8u1
CVE-2016-7953
[jessie] - libxvmc 2:1.0.8-2+deb8u1
-CVE-2016-3116
- [jessie] - dropbear 2014.65-1+deb8u1
-CVE-2016-7406
- [jessie] - dropbear 2014.65-1+deb8u1
-CVE-2016-7407
- [jessie] - dropbear 2014.65-1+deb8u1
-CVE-2016-7408
- [jessie] - dropbear 2014.65-1+deb8u1
-CVE-2016-6814
- [jessie] - groovy 1.8.6-4+deb8u2
- [jessie] - groovy2 2.2.2+dfsg-3+deb8u2
-CVE-2017-0309
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-0310
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-0311
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-0312
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-0318
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-0321
- [jessie] - nvidia-graphics-drivers 340.102-1
- [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
-CVE-2017-5334
- [jessie] - gnutls28 3.3.8-6+deb8u5
-CVE-2017-5335
- [jessie] - gnutls28 3.3.8-6+deb8u5
-CVE-2017-5336
- [jessie] - gnutls28 3.3.8-6+deb8u5
-CVE-2017-5337
- [jessie] - gnutls28 3.3.8-6+deb8u5
-CVE-2017-7869
- [jessie] - gnutls28 3.3.8-6+deb8u5
-CVE-2017-6349
- [jessie] - vim 2:7.4.488-7+deb8u3
-CVE-2017-6350
- [jessie] - vim 2:7.4.488-7+deb8u3
-CVE-2017-6508
- [jessie] - wget 1.16-1+deb8u2
-CVE-2016-10253
- [jessie] - erlang 1:17.3-dfsg-4+deb8u1
-CVE-2017-7443 [HTTP response splitting]
- [jessie] - apt-cacher 1.7.10+deb8u1
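Review bot: the removal of `CVE-2016-3116` through `CVE-2016-10253` from the pending list includes `CVE-2017-0312` (nvidia-graphics-drivers 340.102-1, nvidia-graphics-drivers-legacy-304xx 304.135-1), but no hunk in data/CVE/list in this revision records a jessie fixed version for CVE-2017-0312; the nvidia hunks cover only CVE-2017-0321, -0318, -0311, -0310 and -0309. Please check that its jessie status is tracked in data/CVE/list, otherwise the fix information is lost when the entry leaves this file. Separately, `CVE-2017-7443 [HTTP response splitting]` is removed here and re-added in the first hunk of this file with no data/CVE/list change, so it stays pending; leaving it in place would keep the diff to the merged entries only.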