Author: sectracker
Date: 2014-12-08 21:10:16 +0000 (Mon, 08 Dec 2014)
New Revision: 30602
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-12-08 21:09:44 UTC (rev 30601) +++ data/CVE/list 2014-12-08 21:10:16 UTC (rev 30602) @@ -742,7 +742,7 @@ NOTE: http://www.mantisbt.org/bugs/view.php?id=17877 NOTE: unimportant, source affected but unrelevant for Debian, upgrade_unattended.php removed also in binary package CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump ...) - {DSA-3086-1} + {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-3 NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda NOTE: http://seclists.org/tcpdump/2014/q4/72 @@ -819,6 +819,7 @@ RESERVED - libjpeg-turbo 1:1.3.1-11 (bug #768369) CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...) + {DSA-3093-1} - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6) @@ -2041,11 +2042,12 @@ - sosreport 3.2-2 (bug #769521) NOTE: https://github.com/sosreport/sos/issues/425 CVE-2014-8884 (Stack-based buffer overflow in the ...) + {DSA-3093-1} - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1) CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain ...) - {DSA-3086-1} + {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-2 (bug #770424) NOTE: http://www.securityfocus.com/archive/1/534009/30/0/threaded CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump ...) 
@@ -2054,7 +2056,7 @@ [squeeze] - tcpdump <not-affected> (Vulnerable code added in 4.5.0) NOTE: http://www.securityfocus.com/archive/1/534010/30/0/threaded CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through ...) - {DSA-3086-1} + {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-2 (bug #770434) NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded CVE-2014-8742 @@ -2691,6 +2693,7 @@ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e CVE-2014-8500 [A Defect in Delegation Handling Can Be Exploited to Crash BIND] RESERVED + {DSA-3094-1} - bind9 <unfixed> NOTE: https://kb.isc.org/article/AA-01216/0 CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password ...) @@ -3073,6 +3076,7 @@ CVE-2014-8370 RESERVED CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...) + {DSA-3093-1} - linux 3.16.7-ckt2-1 - linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied) NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 @@ -4322,6 +4326,7 @@ [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1) CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the ...) + {DSA-3093-1} - linux 3.16.7-ckt2-1 - linux-2.6 <removed> NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5) 
@@ -14474,6 +14479,7 @@ {DSA-3053-1 DLA-81-1} - openssl 1.0.1j-1 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...) + {DSA-3092-1} - arora <unfixed> (unimportant) - bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled) NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
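Review bot: In the CVE-2014-8500 hunk (@@ -2691,6 +2693,7 @@), the entry gains {DSA-3094-1} while its only visible package line still reads "- bind9 <unfixed>" and the entry is still marked RESERVED with a bracketed placeholder description. As committed, the list records an advisory against a package it also reports as unfixed in unstable. Suggest a follow-up that replaces <unfixed> on the bind9 line with the fixed unstable version once it is uploaded, so the advisory reference and the package status agree.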
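Review bot: In the CVE-2014-3566 hunk (@@ -14474,6 +14479,7 @@), the package lines visible under the new {DSA-3092-1} are "- arora <unfixed> (unimportant)" and "- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)", and neither carries a fixed version. The context ends before any line that would record the fix, so it is worth confirming that the package DSA-3092-1 covers has its own line with a fixed version further down this entry. The log message "automatic update" also gives no hint of which advisories were cross-referenced; naming them (DSA-3092-1, DSA-3093-1, DSA-3094-1, DLA-102-1) would make the revision easier to find later.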