Author: sectracker
Date: 2014-12-08 21:10:16 +0000 (Mon, 08 Dec 2014)
New Revision: 30602
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-08 21:09:44 UTC (rev 30601)
+++ data/CVE/list 2014-12-08 21:10:16 UTC (rev 30602)
@@ -742,7 +742,7 @@
NOTE: http://www.mantisbt.org/bugs/view.php?id=17877
NOTE: unimportant, source affected but unrelevant for Debian,
upgrade_unattended.php removed also in binary package
CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in
tcpdump ...)
- {DSA-3086-1}
+ {DSA-3086-1 DLA-102-1}
- tcpdump 4.6.2-3
NOTE:
https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
NOTE: http://seclists.org/tcpdump/2014/q4/72
@@ -819,6 +819,7 @@
RESERVED
- libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the
Linux ...)
+ {DSA-3093-1}
- linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441
(v3.18-rc6)
@@ -2041,11 +2042,12 @@
- sosreport 3.2-2 (bug #769521)
NOTE: https://github.com/sosreport/sos/issues/425
CVE-2014-8884 (Stack-based buffer overflow in the ...)
+ {DSA-3093-1}
- linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE: Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16
(v3.18-rc1)
CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to
obtain ...)
- {DSA-3086-1}
+ {DSA-3086-1 DLA-102-1}
- tcpdump 4.6.2-2 (bug #770424)
NOTE: http://www.securityfocus.com/archive/1/534009/30/0/threaded
CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in
tcpdump ...)
@@ -2054,7 +2056,7 @@
[squeeze] - tcpdump <not-affected> (Vulnerable code added in 4.5.0)
NOTE: http://www.securityfocus.com/archive/1/534010/30/0/threaded
CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6
through ...)
- {DSA-3086-1}
+ {DSA-3086-1 DLA-102-1}
- tcpdump 4.6.2-2 (bug #770434)
NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded
CVE-2014-8742
@@ -2691,6 +2693,7 @@
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
CVE-2014-8500 [A Defect in Delegation Handling Can Be Exploited to Crash BIND]
RESERVED
+ {DSA-3094-1}
- bind9 <unfixed>
NOTE: https://kb.isc.org/article/AA-01216/0
CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password
...)
@@ -3073,6 +3076,7 @@
CVE-2014-8370
RESERVED
CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the
Linux ...)
+ {DSA-3093-1}
- linux 3.16.7-ckt2-1
- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not
applied)
NOTE: Introduced by
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
@@ -4322,6 +4326,7 @@
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a
(v3.18-rc1)
CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in
the ...)
+ {DSA-3093-1}
- linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE: Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864
(v3.18-rc5)
@@ -14474,6 +14479,7 @@
{DSA-3053-1 DLA-81-1}
- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
other ...)
+ {DSA-3092-1}
- arora <unfixed> (unimportant)
- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
