Author: sectracker
Date: 2015-02-22 21:10:27 +0000 (Sun, 22 Feb 2015)
New Revision: 32422
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-02-22 21:00:38 UTC (rev 32421) +++ data/CVE/list 2015-02-22 21:10:27 UTC (rev 32422) @@ -14,6 +14,7 @@ - shadow <unfixed> (unimportant; bug #628843) NOTE: only affects the su executable, so if you use sudo you're not affected CVE-2015-2047 [TYPO3-CORE-SA-2015-001: Authentication Bypass] + {DSA-3164-1} - typo3-src 4.5.40+dfsg1-1 (bug #778870) NOTE: Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built [squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts) @@ -933,6 +934,7 @@ NOTE: https://review.openstack.org/#/c/122427/ CVE-2014-9683 [ecryptfs 1-byte overwrite] RESERVED + {DSA-3169-1} - linux 3.16.7-ckt4-1 - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1) @@ -1016,7 +1018,7 @@ NOT-FOR-US: FlexPaper CVE-2015-1593 [Linux ASLR integer overflow] RESERVED - {DLA-155-1} + {DSA-3169-1 DLA-155-1} - linux <unfixed> - linux-2.6 <removed> NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html @@ -1389,6 +1391,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24 CVE-2014-9680 [preserves TZ by default] RESERVED + {DSA-3167-1} - sudo <unfixed> (bug #772707) NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24 NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x) 
@@ -1849,12 +1852,13 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942 CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions] RESERVED - {DLA-155-1} + {DSA-3169-1 DLA-155-1} - linux 3.16.7-ckt4-3 - linux-2.6 <removed> NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208 CVE-2015-1420 [fs/fhandle.c race condition] RESERVED + {DSA-3169-1} - linux <unfixed> - linux-2.6 <not-affected> (Introduced in 2.6.39) NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2 @@ -2031,6 +2035,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16 CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load] RESERVED + {DSA-3169-1} - linux 3.16.7-ckt4-2 - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1) @@ -2039,6 +2044,7 @@ NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1) CVE-2014-9644 [related to CVE-2013-7421, not handling crypto templates correctly] RESERVED + {DSA-3169-1} - linux 3.16.7-ckt4-2 - linux-2.6 <removed> [squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1) @@ -4080,7 +4086,7 @@ CVE-2015-0565 RESERVED CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel ...) - {DLA-155-1} + {DSA-3169-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb @@ -6297,6 +6303,7 @@ CVE-2014-9017 RESERVED CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...) + {DSA-3168-1} - ruby-redcloth 4.2.9-4 (bug #774748) - redcloth <removed> NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en 
@@ -6776,6 +6783,7 @@ RESERVED CVE-2015-0239 [KVM SYSENTER emulation vulnerability] RESERVED + {DSA-3169-1} - linux 3.16.7-ckt4-2 - linux-2.6 <removed> NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296 @@ -8586,6 +8594,7 @@ NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b NOTE: the initial commit would be an incomplete fix and needs additional changes CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...) + {DSA-3169-1} - linux 3.16.7-ckt4-1 - linux-2.6 <not-affected> (Introduced in 2.6.38) NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7 @@ -9478,7 +9487,7 @@ [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl) CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module not loaded] RESERVED - {DLA-155-1} + {DSA-3169-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1) @@ -10552,7 +10561,7 @@ NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b CVE-2014-7822 [splice: lack of generic write checks] RESERVED - {DLA-155-1} + {DSA-3169-1 DLA-155-1} - linux 3.16.2-1 - linux-2.6 <removed> NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
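Review bot: In the CVE-2015-2047 entry (hunk at -14,6), the context NOTE "Remove explicit [wheezy] tagged entry once a CVE is allocated and cross-reference can be built" is now actionable, because the entry has a CVE id and this change adds the {DSA-3164-1} cross-reference. Suggest a follow-up that removes the explicit [wheezy] entry the NOTE refers to (it is outside the visible context) together with the NOTE itself, so the entry does not carry a stale instruction.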
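Review bot: Three entries gain a DSA cross-reference while their package line still reads "<unfixed>": CVE-2015-1593 ("- linux <unfixed>", hunk at -1016,7), CVE-2014-9680 ("- sudo <unfixed> (bug #772707)", hunk at -1389,6) and CVE-2015-1420 ("- linux <unfixed>", hunk at -1849,12). Adding the {DSA-...} tag does not change those status lines, so each one still needs a fixed version filled in by hand once an upload carries the fix. For the two linux entries no bug number is referenced in the visible lines, so it is worth checking that the open status is tracked somewhere.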