[Secure-testing-commits] r30560 - data/CVE

Moritz Muehlenhoff Fri, 05 Dec 2014 10:02:25 -0800

Author: jmm
Date: 2014-12-05 18:01:39 +0000 (Fri, 05 Dec 2014)
New Revision: 30560


Modified:
   data/CVE/list
Log:
record jenkins documentation/fix
speech-dispatcher fixed
two kernel issues n/a for squeeze
mark kvm issues as no-dsa for squeeze
hivex no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-05 15:53:03 UTC (rev 30559)
+++ data/CVE/list       2014-12-05 18:01:39 UTC (rev 30560)
@@ -548,7 +548,9 @@
        NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
        NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673
 CVE-2014-9273 [does not properly handle small-sized hive files]
-       - hivex 1.3.11-1
+       - hivex 1.3.11-1 (low)
+       [wheezy] - hivex <no-dsa> (Minor issue)
+       [squeeze] - hivex <no-dsa> (Minor issue)
        NOTE: 
https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb
        NOTE: 
https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705
 CVE-2014-9087 (Integer underflow in the ksba_oid_to_str function in Libksba 
before ...)
@@ -4073,6 +4075,7 @@
 CVE-2014-7842 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 
3.17.4 ...)
        - linux <unfixed>
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a
 (v3.18-rc1)
 CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in 
the ...)
        - linux <unfixed>
@@ -13779,6 +13782,7 @@
        {DSA-3060-1}
        - linux 3.16.7-1
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
 (v3.18-rc1)
 CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows 
local ...)
        {DSA-3067-1 DSA-3066-1}
@@ -13863,6 +13867,9 @@
 CVE-2014-3665
        RESERVED
        - jenkins <unfixed> (bug #767541)
+       [jessie] - jenkins 1.565.3-3
+       NOTE: For jessie, the backport is too intrusive and since it's a 
cornercase, it's only documented, 
+       NOTE: marking that version as fixed, for unstable we'll record the 
actual new version with the code fix
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
 CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 
1.583 ...)
        - jenkins 1.565.3-1 (bug #763899)
@@ -13920,6 +13927,7 @@
        {DSA-3060-1}
        - linux 3.16.7-1
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=234f3ce485d54017f15cf5e0699cff4100121601
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=d1442d85cc30ea75f7d399474ca738e0bc96f715
 CVE-2014-3646 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel 
through ...)
@@ -13931,6 +13939,7 @@
        {DSA-3060-1}
        - linux 3.12.6-1
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e
 (v3.12-rc1)
 CVE-2014-3644
        RESERVED
@@ -14066,11 +14075,13 @@
        {DSA-3060-1}
        - linux 3.16.7-1
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=2febc839133280d5a5e8e1179c94ea674489dae2
 CVE-2014-3610 (The WRMSR processing functionality in the KVM subsystem in the 
Linux ...)
        {DSA-3060-1}
        - linux 3.16.7-1
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
        NOTE: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=8b3c3104c3f4f706e99365c3e0d2aa61b95f969f
        NOTE: Enabling CONFIG_PARAVIRT when building the kernel mitigates this 
issue.
@@ -15444,7 +15455,7 @@
 CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request 
function in ...)
        - linux 3.16.2-2
        [wheezy] - linux 3.2.63-1
-       - linux-2.6 <removed>
+       - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=90
        NOTE: Upstream fix: 
https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 
(v3.17-rc2)
 CVE-2014-3182 (Array index error in the logi_dj_raw_event function in ...)
@@ -19487,7 +19498,7 @@
        {DSA-2905-1}
        - chromium-browser 34.0.1847.116-1
        [squeeze] - chromium-browser <end-of-life>
-       - speech-dispatcher <unfixed> (low; bug #745808)
+       - speech-dispatcher 0.8-7 (low; bug #745808)
        [squeeze] - speech-dispatcher <no-dsa> (Minor issue)
        [wheezy] - speech-dispatcher <no-dsa> (Minor issue)
        NOTE: no specific information available (possibly already be fixed in 
0.8), the fix in chromium was to disable speechd by default


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r30560 - data/CVE

Reply via email to