Author: jmm Date: 2015-02-19 15:35:31 +0000 (Thu, 19 Feb 2015) New Revision: 32353
Modified: data/CVE/list Log: no-dsa for jessie: binutils-mingw-w64 spencer regex: openrtp w/o security impact, z88dk n/a no-dsa for wheezy/squeeze: nut, macchanger one freetype issue n/a for squeeze/wheezy busybox tpu fix Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-02-19 14:46:23 UTC (rev 32352) +++ data/CVE/list 2015-02-19 15:35:31 UTC (rev 32353) @@ -694,8 +694,8 @@ - haskell-regex-posix <not-affected> (only when building on Windows, see bug #778395) - cups <not-affected> (Local regex copy only used when building on Windows, see #778396) - librcsb-core-wrapper 1.005-3 (bug #778397) - - openrpt <unfixed> (bug #778398) - - z88dk <unfixed> (bug #778399) + - openrpt <unfixed> (unimportant; bug #778398) + - z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399) - newlib <unfixed> (bug #778408) [squeeze] - newlib <no-dsa> (Minor issue) [wheezy] - newlib <no-dsa> (Minor issue) @@ -716,12 +716,14 @@ NOTE: alpine uses the regex code from glibc, local fallback code not used - vigor 0.016-24 (unimportant; bug #778409) - nvi <unfixed> (unimportant; bug #778412) - NOTE: No security impact in nvi/vigor + NOTE: No security impact in nvi/vigor and openrpt NOTE: http://www.kb.cert.org/vuls/id/695940 NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/16/8 -CVE-2015-XXXX [insecure storage of password] - - nut 2.7.2-2 (bug #777706) +CVE-2015-XXXX [insecure storage of password in the NUT-monitor app] + - nut 2.7.2-2 (low; bug #777706) + [wheezy] - nut <no-dsa> (Minor issue) + [squeeze] - nut <no-dsa> (Minor issue) CVE-2015-1877 [command injection vulnerability] - xdg-utils <unfixed> (bug #777722) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/7 
@@ -918,6 +920,8 @@ NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...) - freetype <unfixed> (bug #777656) + [wheezy] - freetype <not-affected> (Vulnerable code not present) + [squeeze] - freetype <not-affected> (Vulnerable code not present) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...) @@ -999,6 +1003,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/10 CVE-2015-XXXX [fails to detect silent driver failure to change MAC] - macchanger 1.7.0-5.3 (bug #774898) + [wheezy] - macchanger <no-dsa> (Minor issue) CVE-2015-XXXX [lame missing check for samplerate] - lame 3.99.5+repack1-6 (bug #775959; bug #777160; bug #777161) [wheezy] - lame <no-dsa> (Minor issue) @@ -7840,12 +7845,14 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141124-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533 NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...) {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141124-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...) 
@@ -8154,6 +8161,7 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: http://openwall.com/lists/oss-security/2014/10/27/4 NOTE: http://openwall.com/lists/oss-security/2014/10/27/5 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7 @@ -8163,6 +8171,7 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32 @@ -8170,12 +8179,14 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...) {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) - gdb <unfixed> (unimportant) NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...) @@ -8329,6 +8340,7 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510 
@@ -8336,6 +8348,7 @@ {DSA-3123-2 DSA-3123-1} - binutils 2.24.51.20140903-1 - binutils-mingw-w64 <unfixed> + [jessie] - binutils-mingw-w64 <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f NOTE: http://openwall.com/lists/oss-security/2014/10/23/5 @@ -17708,6 +17721,7 @@ - lzo <removed> - lzo2 2.08-1 (bug #752861) - busybox 1:1.22.0-10 (bug #768945) + [jessie] - busybox 1:1.22.0-9+deb8u1 [wheezy] - busybox <no-dsa> (Minor issue) [squeeze] - busybox <no-dsa> (Minor issue) CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
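Review bot: the nut entry in the @@ -716,12 +716,14 @@ hunk is downgraded to `low` and given `<no-dsa>` for wheezy and squeeze while its identifier is still the `CVE-2015-XXXX` placeholder and its only reference is bug #777706; the neighbouring regex and xdg-utils entries carry NOTE lines with the upstream report and the CVE request, so add a NOTE with the upstream report or fix for the NUT-monitor password storage issue (and the CVE request URL once one is sent), otherwise the "Minor issue" reasoning behind the two no-dsa lines cannot be re-checked from the tracker alone.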
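Review bot: the two `<not-affected> (Vulnerable code not present)` lines added for CVE-2014-9668 in the @@ -918,6 +920,8 @@ hunk should say what "not present" rests on; the CVE text names woff_open_font in sfnt/sfobjs.c, so a NOTE recording which upstream release introduced that WOFF code path, next to the existing freetype commit link, would let the next person confirm that the wheezy and squeeze versions predate it instead of re-deriving the claim.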
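Review bot: the commit log announces "no-dsa for wheezy/squeeze: nut, macchanger", but the @@ -999,6 +1003,7 @@ hunk adds only `[wheezy] - macchanger <no-dsa> (Minor issue)` and leaves squeeze unannotated; either add the matching `[squeeze] - macchanger <no-dsa> (Minor issue)` line, as the nut entry in this same commit does, or, if squeeze's macchanger is not affected, tag it `<not-affected>` with a reason so the oldstable status is not left implicit.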
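Review bot: in the @@ -7840,12 +7845,14 @@ hunk, and in the five identical `[jessie] - binutils-mingw-w64 <no-dsa> (Minor issue)` additions in the @@ -8154, @@ -8163, @@ -8170, @@ -8329 and @@ -8336 hunks, the rationale is just "Minor issue" although the same CVEs earned binutils itself DSA-3123-1/DSA-3123-2 and the unstable line for binutils-mingw-w64 stays `<unfixed>`; spell out in the parenthetical why the mingw-w64 build is treated as lower risk than native binutils (the commit log gives no reason either) or reference the bug tracking the unstable fix, so the jessie no-dsa decision can be revisited if that reasoning changes.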