[Secure-testing-commits] r42563 - data/CVE
Author: carnil Date: 2016-06-16 06:29:07 + (Thu, 16 Jun 2016) New Revision: 42563 Modified: data/CVE/list Log: Add CVE-2016-4809/libarchive Modified: data/CVE/list === --- data/CVE/list 2016-06-16 06:26:15 UTC (rev 42562) +++ data/CVE/list 2016-06-16 06:29:07 UTC (rev 42563) @@ -2060,6 +2060,9 @@ NOTE: https://launchpad.net/bugs/1577558 CVE-2016-4809 RESERVED + - libarchive + NOTE: https://github.com/libarchive/libarchive/issues/705 + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02 CVE-2016-4808 RESERVED CVE-2016-4807 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42562 - data/CVE
Author: carnil Date: 2016-06-16 06:26:15 + (Thu, 16 Jun 2016) New Revision: 42562 Modified: data/CVE/list Log: CVE-2016-4171 NFU Modified: data/CVE/list === --- data/CVE/list 2016-06-16 05:00:12 UTC (rev 42561) +++ data/CVE/list 2016-06-16 06:26:15 UTC (rev 42562) @@ -3722,6 +3722,7 @@ RESERVED CVE-2016-4171 RESERVED + NOT-FOR-US: Adobe Flash Player CVE-2016-4170 RESERVED CVE-2016-4169 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42561 - data/CVE
Author: carnil Date: 2016-06-16 05:00:12 + (Thu, 16 Jun 2016) New Revision: 42561 Modified: data/CVE/list Log: Three CVEs for linux fixed in unstable Modified: data/CVE/list === --- data/CVE/list 2016-06-16 04:30:15 UTC (rev 42560) +++ data/CVE/list 2016-06-16 05:00:12 UTC (rev 42561) @@ -574,11 +574,11 @@ - expat 2.1.1-3 CVE-2016-5244 [rds: fix an infoleak in rds_inc_info_copy] RESERVED - - linux + - linux 4.6.2-1 NOTE: https://patchwork.ozlabs.org/patch/629110/ CVE-2016-5243 [tipc: an infoleak in tipc_nl_compat_link_dump] RESERVED - - linux + - linux 4.6.2-1 NOTE: https://patchwork.ozlabs.org/patch/629100/ CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...) - xen @@ -11928,7 +11928,7 @@ RESERVED CVE-2016-1583 RESERVED - - linux + - linux 4.6.2-1 CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...) - lxd (bug #768073) CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
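Review bot: In the second hunk (@@ -11928), CVE-2016-1583 gets the fixed version "- linux 4.6.2-1" but the entry still has no NOTE pointing at the upstream fix, unlike CVE-2016-5244 and CVE-2016-5243 in the first hunk, which each carry a patchwork.ozlabs.org reference. Add a NOTE with the upstream patch or commit so the fixed version can be checked against a source.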
[Secure-testing-commits] r42560 - data/CVE
Author: carnil Date: 2016-06-16 04:30:15 + (Thu, 16 Jun 2016) New Revision: 42560 Modified: data/CVE/list Log: Add one drupal7 issue Modified: data/CVE/list === --- data/CVE/list 2016-06-16 01:25:14 UTC (rev 42559) +++ data/CVE/list 2016-06-16 04:30:15 UTC (rev 42560) @@ -1,3 +1,6 @@ +CVE-2016- [SA-CORE-2016-002 -- User module -- Saving user accounts can sometimes grant the user all roles] + - drupal7 7.44-1 + NOTE: https://www.drupal.org/SA-CORE-2016-002 CVE-2016-5433 RESERVED CVE-2016-5434 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42559 - data
Author: pabs Date: 2016-06-16 01:25:14 + (Thu, 16 Jun 2016) New Revision: 42559 Modified: data/embedded-code-copies Log: cgit embeds git Modified: data/embedded-code-copies === --- data/embedded-code-copies 2016-06-16 01:23:01 UTC (rev 42558) +++ data/embedded-code-copies 2016-06-16 01:25:14 UTC (rev 42559) @@ -3036,3 +3036,6 @@ bubblewrap - flatpak (embed; bug #824647) + +git + - cgit (embed) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42558 - data/CVE
Author: pabs Date: 2016-06-16 01:23:01 + (Thu, 16 Jun 2016) New Revision: 42558 Modified: data/CVE/list Log: CVE-2016-2315: also fixed in cgit 1.0+git2.8.3-1 (bug #827405) Reported-by: victory on #debian-security Modified: data/CVE/list === --- data/CVE/list 2016-06-15 21:10:10 UTC (rev 42557) +++ data/CVE/list 2016-06-16 01:23:01 UTC (rev 42558) @@ -9203,6 +9203,7 @@ CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, ...) {DSA-3521-1} - git 1:2.7.0-1 (bug #818318) + - cgit 1.0+git2.8.3-1 (bug #827405) NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0) CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...) NOT-FOR-US: Huawei ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42557 - data/CVE
Author: sectracker Date: 2016-06-15 21:10:10 + (Wed, 15 Jun 2016) New Revision: 42557 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2016-06-15 15:01:48 UTC (rev 42556) +++ data/CVE/list 2016-06-15 21:10:10 UTC (rev 42557) @@ -1,4 +1,7 @@ +CVE-2016-5433 + RESERVED CVE-2016-5434 + RESERVED NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library) CVE-2016-5432 RESERVED @@ -130,12 +133,12 @@ RESERVED CVE-2016-5368 RESERVED -CVE-2016-5367 - RESERVED -CVE-2016-5366 - RESERVED -CVE-2016-5365 - RESERVED +CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...) + TODO: check +CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...) + TODO: check +CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with ...) + TODO: check CVE-2016-5364 RESERVED {DLA-512-1} @@ -188,8 +191,7 @@ - haproxy 1.6.5-2 (bug #826869) [jessie] - haproxy (Issue introduced in 1.6.0) NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b -CVE-2016-5338 [scsi: esp: OOB r/w access while processing ESP_FIFO] - RESERVED +CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c ...) - qemu 1:2.6+dfsg-2 (bug #827024) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) @@ -198,8 +200,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec -CVE-2016-5337 [scsi: megasas: information leakage in megasas_ctrl_get_info] - RESERVED +CVE-2016-5337 (The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ...) - qemu 1:2.6+dfsg-2 (bug #827026) [jessie] - qemu (Minor issue) [wheezy] - qemu (Vulnerable code not present) 
@@ -761,8 +762,7 @@ - graphicsmagick 1.3.24-1 - imagemagick NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 -CVE-2016-5238 [scsi: esp: OOB write when using non-DMA mode in get_cmd] - RESERVED +CVE-2016-5238 (The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest ...) - qemu 1:2.6+dfsg-3 (bug #826152) [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42556 - data/CVE
Author: carnil Date: 2016-06-15 15:01:48 + (Wed, 15 Jun 2016) New Revision: 42556 Modified: data/CVE/list Log: Correct (temporary) description for CVE-2016-5323 Modified: data/CVE/list === --- data/CVE/list 2016-06-15 14:38:11 UTC (rev 42555) +++ data/CVE/list 2016-06-15 15:01:48 UTC (rev 42556) @@ -300,7 +300,7 @@ NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b CVE-2016-5324 RESERVED -CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): divide by zero] +CVE-2016-5323 [tiffcrop _TIFFFax3fillruns(): NULL pointer dereference] RESERVED - tiff - tiff3 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42555 - data/CVE
Author: carnil Date: 2016-06-15 14:38:11 + (Wed, 15 Jun 2016) New Revision: 42555 Modified: data/CVE/list Log: Update CVE-2016-4983 Modified: data/CVE/list === --- data/CVE/list 2016-06-15 14:26:24 UTC (rev 42554) +++ data/CVE/list 2016-06-15 14:38:11 UTC (rev 42555) @@ -1404,8 +1404,7 @@ TODO: Most likely Red Hat-specific CVE-2016-4983 RESERVED - - dovecot - TODO: Most likely Red Hat-specific + - dovecot (Specific to Red Hat packaging) CVE-2016-4982 RESERVED NOT-FOR-US: authd ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42553 - data/CVE
Author: carnil Date: 2016-06-15 14:24:14 + (Wed, 15 Jun 2016) New Revision: 42553 Modified: data/CVE/list Log: Remove one zfs-linux entry Rationale: please explain in brackets otherwise why it's not affected (e.g. vulnerable code not present, or what applies). Modified: data/CVE/list === --- data/CVE/list 2016-06-15 14:24:04 UTC (rev 42552) +++ data/CVE/list 2016-06-15 14:24:14 UTC (rev 42553) @@ -131983,7 +131983,6 @@ CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...) - kfreebsd-6 (vulnerable code introduced in freebsd 7) - kfreebsd-7 7.2-10 (medium; bug #566684) - - zfs-linux [lenny] - kfreebsd-7 (kfreebsd not support in Lenny) - kfreebsd-8 8.0-2 (medium) CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42554 - data/CVE
Author: carnil Date: 2016-06-15 14:26:24 + (Wed, 15 Jun 2016) New Revision: 42554 Modified: data/CVE/list Log: CVE-2015-3400: Add explanation Modified: data/CVE/list === --- data/CVE/list 2016-06-15 14:24:14 UTC (rev 42553) +++ data/CVE/list 2016-06-15 14:26:24 UTC (rev 42554) @@ -31615,7 +31615,7 @@ RESERVED CVE-2015-3400 RESERVED - - zfs-linux + - zfs-linux (Specific to packages on archive.zfsonlinux.org repositories) NOTE: Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories NOTE: https://github.com/zfsonlinux/zfs/issues/3319 CVE-2015-3338 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42552 - data/CVE
Author: carnil Date: 2016-06-15 14:24:04 + (Wed, 15 Jun 2016) New Revision: 42552 Modified: data/CVE/list Log: Group source package names entries Modified: data/CVE/list === --- data/CVE/list 2016-06-15 13:38:44 UTC (rev 42551) +++ data/CVE/list 2016-06-15 14:24:04 UTC (rev 42552) @@ -4545,8 +4545,8 @@ - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 - file 1:5.24-1 (bug #827377) + [jessie] - file (Minor issue, magic file needs to be under attacker control) - hhvm - [jessie] - file (Minor issue, magic file needs to be under attacker control) NOTE: http://bugs.gw.com/view.php?id=522 NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 NOTE: https://bugs.php.net/bug.php?id=71527 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42551 - data/CVE
Author: pere Date: 2016-06-15 13:38:44 + (Wed, 15 Jun 2016) New Revision: 42551 Modified: data/CVE/list Log: Add zfs-linux refs for CVE-2010-0318 and CVE-2015-3400. Not affected, as far as I can tell. Modified: data/CVE/list === --- data/CVE/list 2016-06-15 13:37:35 UTC (rev 42550) +++ data/CVE/list 2016-06-15 13:38:44 UTC (rev 42551) @@ -31615,7 +31615,9 @@ RESERVED CVE-2015-3400 RESERVED - NOT-FOR-US: ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories + - zfs-linux + NOTE: Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories + NOTE: https://github.com/zfsonlinux/zfs/issues/3319 CVE-2015-3338 RESERVED CVE-2015-3337 (Directory traversal vulnerability in Elasticsearch before 1.4.5 and ...) @@ -131981,6 +131983,7 @@ CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...) - kfreebsd-6 (vulnerable code introduced in freebsd 7) - kfreebsd-7 7.2-10 (medium; bug #566684) + - zfs-linux [lenny] - kfreebsd-7 (kfreebsd not support in Lenny) - kfreebsd-8 8.0-2 (medium) CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
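Review bot: The two added "- zfs-linux" lines (under CVE-2015-3400 in the first hunk and CVE-2010-0318 in the second) give no reason for the status the log describes as "Not affected, as far as I can tell". Put the reason in brackets on each line, in the way the neighbouring "- kfreebsd-6 (vulnerable code introduced in freebsd 7)" entry does, so the tracker entry can be read without the commit log. For CVE-2015-3400 the reason is already in the NOTE added just below (specific to the archive.zfsonlinux.org packages) and can be repeated in the brackets.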
[Secure-testing-commits] r42550 - data/CVE
Author: pere Date: 2016-06-15 13:37:35 + (Wed, 15 Jun 2016) New Revision: 42550 Modified: data/CVE/list Log: Reported file bug #827377 for VE-2015-8865. Modified: data/CVE/list === --- data/CVE/list 2016-06-15 11:42:41 UTC (rev 42549) +++ data/CVE/list 2016-06-15 13:37:35 UTC (rev 42550) @@ -4544,7 +4544,7 @@ {DSA-3560-1 DLA-499-1 DLA-460-1} - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 - - file 1:5.24-1 + - file 1:5.24-1 (bug #827377) - hhvm [jessie] - file (Minor issue, magic file needs to be under attacker control) NOTE: http://bugs.gw.com/view.php?id=522 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
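Review bot: In the @@ -4544 hunk the "[jessie] - file (Minor issue, magic file needs to be under attacker control)" line stays below "- hhvm", separated from the "- file 1:5.24-1 (bug #827377)" line it qualifies. While touching the "- file" entry, move the jessie line directly under it so the per-release status is grouped with its source package. The log message also reads "VE-2015-8865", which looks like a dropped "C" in the CVE prefix.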
[Secure-testing-commits] r42549 - data/CVE
Author: carnil Date: 2016-06-15 11:42:41 + (Wed, 15 Jun 2016) New Revision: 42549 Modified: data/CVE/list Log: Mark CVE-2010-5321 as unimportant, add NOTE with explanation Modified: data/CVE/list === --- data/CVE/list 2016-06-15 11:08:53 UTC (rev 42548) +++ data/CVE/list 2016-06-15 11:42:41 UTC (rev 42549) @@ -41339,8 +41339,9 @@ NOT-FOR-US: Smoothwall CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()] RESERVED - - linux (bug #827340) - - linux-2.6 + - linux (unimportant; bug #827340) + - linux-2.6 (unimportant) + NOTE: Unclear, old report for Linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0 CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT ...) NOT-FOR-US: MemHT Portal ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
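Review bot: The added "NOTE: Unclear, old report for Linux" does not say what is unclear or why the issue is rated "unimportant" on the "- linux" and "- linux-2.6" lines, although the log promises a NOTE with an explanation. State the reason in the NOTE, for example whether the affected code is still present or whether the report could not be confirmed, so the severity can be re-evaluated later from the entry itself.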
[Secure-testing-commits] r42548 - data/CVE
Author: carnil Date: 2016-06-15 11:08:53 + (Wed, 15 Jun 2016) New Revision: 42548 Modified: data/CVE/list Log: Two more CVEs fixed with qemu upload to unstable Modified: data/CVE/list === --- data/CVE/list 2016-06-15 10:42:17 UTC (rev 42547) +++ data/CVE/list 2016-06-15 11:08:53 UTC (rev 42548) @@ -3048,7 +3048,7 @@ RESERVED NOT-FOR-US: Red Hat Subscription Manager CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU ...) - - qemu + - qemu 1:2.6+dfsg-3 [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm @@ -3056,7 +3056,7 @@ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429 CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...) - - qemu + - qemu 1:2.6+dfsg-3 [jessie] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - qemu-kvm ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42547 - data/CVE
Author: carnil Date: 2016-06-15 10:42:17 + (Wed, 15 Jun 2016) New Revision: 42547 Modified: data/CVE/list Log: Update for CVE-2016-137{1,2}, same upstream version in jessie Modified: data/CVE/list === --- data/CVE/list 2016-06-15 08:23:32 UTC (rev 42546) +++ data/CVE/list 2016-06-15 10:42:17 UTC (rev 42547) @@ -12540,11 +12540,13 @@ CVE-2016-1372 RESERVED - clamav 0.99.2+dfsg-1 + [jessie] - clamav 0.99.2+dfsg-0+deb8u1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514 NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ CVE-2016-1371 RESERVED - clamav 0.99.2+dfsg-1 + [jessie] - clamav 0.99.2+dfsg-0+deb8u1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514 NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42546 - data/CVE
Author: pere Date: 2016-06-15 08:23:32 + (Wed, 15 Jun 2016) New Revision: 42546 Modified: data/CVE/list Log: Document bug numbers for issue in automake1.11 and automake-1.14. Modified: data/CVE/list === --- data/CVE/list 2016-06-15 07:09:41 UTC (rev 42545) +++ data/CVE/list 2016-06-15 08:23:32 UTC (rev 42546) @@ -51208,8 +51208,8 @@ NOTE: http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch) NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch) CVE-2014- [install-sh: insecure use of /tmp] - - automake1.11 (low) - - automake-1.14 (low) + - automake1.11 (low; bug #827346) + - automake-1.14 (low; bug #827347) [jessie] - automake-1.14 (Minor issue) - automake-1.15 1:1.15-3 (low; bug #760455) NOTE: http://seclists.org/oss-sec/2014/q3/588 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42545 - data/CVE
Author: carnil Date: 2016-06-15 07:09:41 + (Wed, 15 Jun 2016) New Revision: 42545 Modified: data/CVE/list Log: Adjust automake-1.14 entry Modified: data/CVE/list === --- data/CVE/list 2016-06-15 07:06:03 UTC (rev 42544) +++ data/CVE/list 2016-06-15 07:09:41 UTC (rev 42545) @@ -51209,10 +51209,9 @@ NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch) CVE-2014- [install-sh: insecure use of /tmp] - automake1.11 (low) - - automake-1.14 (low) - - automake-1.15 1:1.15-3 (low; bug #760455) + - automake-1.14 (low) [jessie] - automake-1.14 (Minor issue) - TODO: check other automake versions + - automake-1.15 1:1.15-3 (low; bug #760455) NOTE: http://seclists.org/oss-sec/2014/q3/588 CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and ...) NOT-FOR-US: SAP NetWeaver ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r42544 - data/CVE
Author: pere Date: 2016-06-15 07:06:03 + (Wed, 15 Jun 2016) New Revision: 42544 Modified: data/CVE/list Log: Attribute bug #760455 to automake-1.15, not automake-1.14, and note the issue also affect automake1.11. Modified: data/CVE/list === --- data/CVE/list 2016-06-15 06:55:39 UTC (rev 42543) +++ data/CVE/list 2016-06-15 07:06:03 UTC (rev 42544) @@ -51208,10 +51208,12 @@ NOTE: http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch) NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch) CVE-2014- [install-sh: insecure use of /tmp] - - automake-1.15 1:1.15-3 - - automake-1.14 (low; bug #760455) + - automake1.11 (low) + - automake-1.14 (low) + - automake-1.15 1:1.15-3 (low; bug #760455) [jessie] - automake-1.14 (Minor issue) TODO: check other automake versions + NOTE: http://seclists.org/oss-sec/2014/q3/588 CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and ...) NOT-FOR-US: SAP NetWeaver CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl] ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
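Review bot: The "[jessie] - automake-1.14 (Minor issue)" context line ends up directly below "- automake-1.15 1:1.15-3 (low; bug #760455)" instead of below the "- automake-1.14 (low)" line it belongs to. List automake-1.15 after the jessie line so the release annotation stays attached to its package. The new "- automake1.11 (low)" and "- automake-1.14 (low)" lines have no bug number, and "TODO: check other automake versions" is kept without saying which versions are still unchecked now that automake1.11 is listed.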