Author: sectracker
Date: 2015-06-14 21:10:13 +0000 (Sun, 14 Jun 2015)
New Revision: 34943
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-06-14 20:51:47 UTC (rev 34942) +++ data/CVE/list 2015-06-14 21:10:13 UTC (rev 34943) @@ -705,6 +705,7 @@ NOT-FOR-US: AVM Fritz!Box CVE-2014-9731 [udf: information leakage when reading symlink] RESERVED + {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 <removed> @@ -721,6 +722,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8 CVE-2014-9730 [properly ignore component length for component types that do not use it] RESERVED + {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 <removed> @@ -728,6 +730,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2014-9729 [iinfo->i_lenAlloc != inode->i_size] RESERVED + {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 <removed> @@ -735,6 +738,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2014-9728 [length can be too long (addressed in three commits)] RESERVED + {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 <removed> @@ -744,6 +748,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2015-4167 [fs: udf kernel oops] RESERVED + {DLA-246-1} - linux 4.0.2-1 - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1) @@ -2796,6 +2801,7 @@ NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b NOTE: https://bugzilla.novell.com/show_bug.cgi?id=928520 (not public yet) CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in ...) + {DSA-3288-1} - ffmpeg 7:2.6.1-1 [squeeze] - ffmpeg <not-affected> (Vulnerable code not present) - libav 6:11.4-1 
@@ -2820,6 +2826,7 @@ RESERVED CVE-2015-3395 [invalid memory access] RESERVED + {DSA-3288-1} - ffmpeg 7:2.6.2-1 [squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS) - libav 6:11.4-1 @@ -2979,7 +2986,7 @@ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd NOTE: https://bugs.php.net/bug.php?id=68819 CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-3 - linux-2.6 <removed> NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543 @@ -3805,7 +3812,7 @@ - webodf <itp> (bug #727529) NOTE: owncloud-documents <not-affected> (embedded partial copy doesn't contain the related code) CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does ...) - {DSA-3252-1} + {DSA-3252-2 DSA-3252-1} - sqlite3 3.8.9-1 (bug #783968) NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e NOTE: http://seclists.org/bugtraq/2015/Apr/97 @@ -4360,7 +4367,7 @@ [squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS) NOTE: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a 
@@ -4404,7 +4411,7 @@ CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...) NOT-FOR-US: SAP NetWeaver Portal CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3) @@ -5936,6 +5943,7 @@ RESERVED CVE-2011-5321 [tty: kobject reference leakage in tty_open] RESERVED + {DLA-246-1} - linux 3.2.20-1 - linux-2.6 3.2.1-1 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1) @@ -6987,14 +6995,14 @@ CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...) NOT-FOR-US: Google Doc Embedder plugin for WordPress CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 <removed> [squeeze] - linux-2.6 <no-dsa> (Minor issue) NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19) NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93 (v2.6.30-rc1) CVE-2015-2041 (net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 <removed> [squeeze] - linux-2.6 <no-dsa> (Minor issue) 
@@ -7270,6 +7278,7 @@ NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1805 [pipe: iovec overrun leading to memory corruption] RESERVED + {DLA-246-1} - linux 3.16.2-2 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 (v3.16-rc1) @@ -7800,7 +7809,7 @@ [wheezy] - glance <not-affected> (Vulnerable code not present) NOTE: https://review.openstack.org/#/c/122427/ CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function in ...) - {DSA-3170-1} + {DSA-3170-1 DLA-246-1} - linux 3.16.7-ckt4-1 - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1) @@ -8361,6 +8370,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11 CVE-2012-6689 [incorrect validation of netlink message origin allows attackers to spoof netlink messages] RESERVED + {DLA-246-1} - linux 3.6.4-1 [wheezy] - linux 3.2.30-1 - linux-2.6 <removed> @@ -11837,6 +11847,7 @@ - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3) CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a ...) + {DLA-245-1} - p7zip 9.20.1~dfsg.1-4.2 (bug #774660) NOTE: Upstream bug: http://sourceforge.net/p/p7zip/bugs/147/ CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...) 
@@ -16906,7 +16917,7 @@ NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1) NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before ...) - {DSA-3237-1} + {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 <removed> CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...) @@ -29474,6 +29485,7 @@ NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98 NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3) CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel ...) + {DLA-246-1} - linux 3.16.2-2 [wheezy] - linux 3.2.63-1 - linux-2.6 <removed> _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
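
Review bot: In the hunk at -6987,14, CVE-2015-2042 and CVE-2015-2041 gain the `DLA-246-1` cross-reference while the unchanged context under each entry still reads `[squeeze] - linux-2.6 <no-dsa> (Minor issue)`. For squeeze the two annotations contradict each other: the entry is now tied to an advisory, yet the release line still says no advisory will be issued. Either replace the `<no-dsa>` line with the fixed version recorded for DLA-246-1, or drop the cross-reference if the DLA does not actually cover these two CVEs. The other linux entries touched in this patch show no such squeeze line in their visible context, so only these two need the follow-up.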