[Secure-testing-commits] r31304 - in data: CVE DSA

Thijs Kinkhorst Tue, 13 Jan 2015 10:53:26 -0800

Author: thijs
Date: 2015-01-13 18:52:36 +0000 (Tue, 13 Jan 2015)
New Revision: 31304


Modified:
   data/CVE/list
   data/DSA/list
Log:
binutils-mingw-w64 also affected by binutils issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-01-13 18:36:42 UTC (rev 31303)
+++ data/CVE/list       2015-01-13 18:52:36 UTC (rev 31304)
@@ -4578,11 +4578,13 @@
        RESERVED
        {DSA-3123-1}
        - binutils 2.24.90.20141124-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: Upstream tracker: 
https://sourceware.org/bugzilla/show_bug.cgi?id=17533
        NOTE: Upstream patch: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
 CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 
2.24 and ...)
        {DSA-3123-1}
        - binutils 2.24.90.20141124-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: Upstream tracker: 
https://sourceware.org/bugzilla/show_bug.cgi?id=17552
        NOTE: Upstream patch: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 
1.2.2 ...)
@@ -4894,6 +4896,7 @@
 CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in 
bfd/srec.c in ...)
        {DSA-3123-1}
        - binutils 2.24.90.20141104-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
        NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
@@ -4902,17 +4905,20 @@
 CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in 
bfd/ihex.c in ...)
        {DSA-3123-1}
        - binutils 2.24.90.20141104-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
 CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in 
...)
        {DSA-3123-1}
        - binutils 2.24.90.20141104-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU 
...)
        {DSA-3123-1}
        - binutils 2.24.90.20141104-1
+       - binutils-mingw-w64 <unfixed>
        - gdb <unfixed> (unimportant)
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 
through ...)
@@ -5065,12 +5071,14 @@
 CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 
2.24 ...)
        {DSA-3123-1}
        - binutils 2.24.90.20141104-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: 
http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
 CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils 
before ...)
        {DSA-3123-1}
        - binutils 2.24.51.20140903-1
+       - binutils-mingw-w64 <unfixed>
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
        NOTE: Upstream commit: 
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
        NOTE: http://openwall.com/lists/oss-security/2014/10/23/5

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2015-01-13 18:36:42 UTC (rev 31303)
+++ data/DSA/list       2015-01-13 18:52:36 UTC (rev 31304)
@@ -1,3 +1,6 @@
+[13 Jan 2015] DSA-3123-2 binutils-mingw-w64 - security update
+       {CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 
CVE-2014-8504 CVE-2014-8737 CVE-2014-8738}
+       [wheezy] - binutils-mingw-w64 2+deb7u1
 [12 Jan 2015] DSA-3126-1 php5 - security update
        [wheezy] - php5 5.4.36-0+deb7u3
 [11 Jan 2015] DSA-3125-1 openssl - security update


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r31304 - in data: CVE DSA

Reply via email to