Author: carnil
Date: 2017-01-14 13:48:56 +0000 (Sat, 14 Jan 2017)
New Revision: 48030
Modified:
data/CVE/list
Log:
More fixes recorded from the jessie 8.7 release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 13:20:01 UTC (rev 48029)
+++ data/CVE/list 2017-01-14 13:48:56 UTC (rev 48030)
@@ -5976,7 +5976,7 @@
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too
verbose ...)
{DLA-734-1}
- mapserver 7.0.3-1
- [jessie] - mapserver <no-dsa> (Minor issue)
+ [jessie] - mapserver 6.4.1-5+deb8u1
NOTE:
https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
NOTE: https://github.com/mapserver/mapserver/pull/4928
NOTE: https://github.com/mapserver/mapserver/pull/5356
@@ -14421,7 +14421,7 @@
RESERVED
{DLA-694-1}
- libwmf 0.2.8.4-10.6 (bug #842090)
- [jessie] - libwmf <no-dsa> (Minor issue)
+ [jessie] - libwmf 0.2.8.4-10.3+deb8u2
NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
NOTE:
https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
NOTE: Reproducer:
https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
@@ -14579,12 +14579,11 @@
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2016-8826 (All versions of NVIDIA GPU Display Driver contain a
vulnerability in ...)
- nvidia-graphics-drivers 375.26-1 (bug #848195)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.101-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.101-1 (bug #848196)
- nvidia-graphics-drivers-legacy-304xx 304.134-1 (bug #848197)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
- [wheezy] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4278
CVE-2016-8825 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: Nvidia Windows driver
@@ -14986,9 +14985,9 @@
RESERVED
{DLA-687-1}
- tre 0.8.0-5 (bug #842169)
- [jessie] - tre <no-dsa> (Minor issue)
+ [jessie] - tre 0.8.0-4+deb8u1
- musl 1.1.15-2 (bug #842171)
- [jessie] - musl <no-dsa> (Minor issue)
+ [jessie] - musl 1.1.5-2+deb8u1
NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
NOTE: other issues may still be present in tre after this:
https://github.com/laurikari/tre/issues/37
NOTE: musl patch:
http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7,
not released yet
@@ -15052,61 +15051,61 @@
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8702
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8701
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8700
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8699
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8698
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8697 [AddressSanitizer: FPE on unknown address 0x508d51 in bm_new ...
bitmap.h]
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
CVE-2016-8696
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8695
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8694
RESERVED
{DLA-675-1}
- potrace 1.13-1
- [jessie] - potrace <no-dsa> (Minor issue)
+ [jessie] - potrace 1.12-1+deb8u1
NOTE:
https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 [attempting double-free ... mem_close ... jas_stream.c]
RESERVED
@@ -15276,7 +15275,7 @@
CVE-2016-8649 [lxc-attach to malicious container allows access to host]
RESERVED
- lxc 1:2.0.6-1 (bug #845465)
- [jessie] - lxc <no-dsa> (Minor issue)
+ [jessie] - lxc 1:1.0.6-6+deb8u5
[wheezy] - lxc <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c
NOTE: Details: https://launchpad.net/bugs/1639345
@@ -19297,12 +19296,11 @@
TODO: check
CVE-2016-7389 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA
GPU ...)
- nvidia-graphics-drivers 367.57-1 (bug #846331)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.101-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
- [wheezy] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7388 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA
Windows GPU ...)
TODO: check
@@ -19318,11 +19316,11 @@
TODO: check
CVE-2016-7382 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA
GPU ...)
- nvidia-graphics-drivers 367.57-1 (bug #846331)
- [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers 340.101-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
- [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not
supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7381 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA
Windows GPU ...)
TODO: check
@@ -22249,7 +22247,7 @@
RESERVED
{DLA-593-1}
- nettle 3.3-1 (bug #832983)
- [jessie] - nettle <no-dsa> (Minor issue; Can be fixed via point release)
+ [jessie] - nettle 2.7.1-5+deb8u2
NOTE:
https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
NOTE:
https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
NOTE: Original patch had some unintended side effects:
https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
@@ -80048,7 +80046,7 @@
RESERVED
{DLA-713-1}
- sniffit 0.3.7.beta-20 (bug #845122)
- [jessie] - sniffit <no-dsa> (Can be fixed via point release, not
installed setuid in Debian)
+ [jessie] - sniffit 0.3.7.beta-17+deb8u1
NOTE:
http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone
TG862G/CT ...)
NOT-FOR-US: Arris Touchstone
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
