Author: jmm Date: 2014-11-11 11:52:41 +0000 (Tue, 11 Nov 2014) New Revision: 29966
Modified: data/CVE/list Log: more fixes for glibc/eglibc Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-11-11 11:48:26 UTC (rev 29965) +++ data/CVE/list 2014-11-11 11:52:41 UTC (rev 29966) @@ -10621,7 +10621,8 @@ [wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8) [squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8) CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...) - - eglibc 2.19-2 (low; bug #751774) + - eglibc <removed> + - glibc 2.19-2 (low; bug #751774) [wheezy] - eglibc <no-dsa> (Minor issue) [squeeze] - eglibc <no-dsa> (Minor issue) CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...) @@ -27773,7 +27774,8 @@ CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before ...) NOT-FOR-US: Cotonti CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...) - - eglibc 2.17-94 (low; bug #717178) + - glibc 2.17-94 (low; bug #717178) + - eglibc <removed> [wheezy] - eglibc 2.13-38+deb7u1 [squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries) CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...) @@ -28813,7 +28815,8 @@ CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...) - lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch) CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...) - - eglibc 2.18-1 (low; bug #727181) + - eglibc <removed> + - glibc 2.18-1 (low; bug #727181) [wheezy] - eglibc 2.13-38+deb7u1 [squeeze] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html @@ -34764,7 +34767,8 @@ [squeeze] - tpp <no-dsa> (Minor issue) [wheezy] - tpp <no-dsa> (Minor issue) CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not ...) - - eglibc <unfixed> (low; bug #717544) + - eglibc <removed> + - glibc <unfixed> (low; bug #717544) [squeeze] - eglibc <no-dsa> (Minor issue) [wheezy] - eglibc <no-dsa> (Minor issue) CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in ...) @@ -35764,7 +35768,8 @@ NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2 CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...) - - eglibc 2.17-2 (low; bug #704623) + - eglibc <removed> + - glibc 2.17-2 (low; bug #704623) [wheezy] - eglibc 2.13-38+deb7u1 [squeeze] - eglibc <no-dsa> (Minor issue) CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...) @@ -40992,7 +40997,8 @@ - drupal7 7.14-1.3 (bug #698334) NOTE: https://drupal.org/SA-CORE-2013-001 CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...) - - eglibc 2.17-2 (low; bug #699399) + - eglibc <removed> + - glibc 2.17-2 (low; bug #699399) [wheezy] - eglibc 2.13-38+deb7u1 [squeeze] - eglibc <no-dsa> (Minor issue) NOTE: http://seclists.org/oss-sec/2013/q1/202 @@ -46907,7 +46913,8 @@ - spice-gtk 0.12-5 (bug #689155) NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18 CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...) - - eglibc 2.17-94 (low; bug #689423) + - eglibc <removed> + - glibc 2.17-94 (low; bug #689423) [wheezy] - eglibc 2.13-38+deb7u1 [squeeze] - eglibc <no-dsa> (Minor issue) CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits