Author: lamby
Date: 2016-01-11 12:59:40 +0000 (Mon, 11 Jan 2016)
New Revision: 38840
Modified:
data/CVE/list
data/dla-needed.txt
Log:
triage lts issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-11 12:59:31 UTC (rev 38839)
+++ data/CVE/list 2016-01-11 12:59:40 UTC (rev 38840)
@@ -140,6 +140,7 @@
RESERVED
CVE-2016-1564 [cross-site scripting vulnerability]
- wordpress 4.4.1+dfsg-1 (bug #810325)
+ [squeeze] - wordpress <not-affected> (Vulnerable code not present)
NOTE:
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36185
NOTE: https://wpvulndb.com/vulnerabilities/8358
@@ -675,66 +676,77 @@
RESERVED
CVE-2015-8742 (The dissect_CPMSetBindings function in
epan/dissectors/packet-mswsp.c ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-60.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d48b0eff28c995947ac3f8d842ddd9b50dd5798d
TODO: check
CVE-2015-8741 (The dissect_ppi function in epan/dissectors/packet-ppi.c in the
PPI ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2290eba5cb25f927f9142680193ac1158d35506e
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11876
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-59.html
TODO: check
CVE-2015-8740 (The dissect_tds7_colmetadata_token function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e78093f69f1e95df919bbe644baa06c7e4e720c0
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11846
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-58.html
TODO: check
CVE-2015-8739 (The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c
in the ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96bf82ced0b58c7a4c2a6c300efeebe4f05c0ff4
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11831
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-57.html
TODO: check
CVE-2015-8738 (The s7comm_decode_ud_cpu_szl_subfunc function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=858c3f0079f987833fb22eba2c361d1a88ba4103
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11823
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-56.html
TODO: check
CVE-2015-8737 (The mp2t_open function in wiretap/mp2t.c in the MP2T file
parser in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e3fc691368af60bbbaec9e038ee6a6d3b7707955
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11821
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-55.html
TODO: check
CVE-2015-8736 (The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T
file ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=baa3eab78b422616a92ee38551c1b1510dca4ccb
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11820
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-54.html
TODO: check
CVE-2015-8735 (The get_value function in epan/dissectors/packet-btatt.c in the
...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-53.html
TODO: check
CVE-2015-8734 (The dissect_nwp function in epan/dissectors/packet-nwp.c in the
NWP ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2c889abe0219fc162659e106c5b95deb6268f3
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11726
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-52.html
TODO: check
CVE-2015-8733 (The ngsniffer_process_record function in wiretap/ngsniffer.c in
the ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=53a3e53fce30523d11ab3df319fba7b75d63076f
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-51.html
TODO: check
CVE-2015-8732 (The dissect_zcl_pwr_prof_pwrprofstatersp function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9352616ec9742f2ed3d2802d0c8c100d51ca410b
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
@@ -742,36 +754,42 @@
TODO: check
CVE-2015-8731 (The dissct_rsl_ipaccess_msg function in
epan/dissectors/packet-rsl.c ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-49.html
TODO: check
CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in
Wireshark ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d2644aef369af0667220b5bd69996915b29d753d
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-48.html
TODO: check
CVE-2015-8729 (The ascend_seek function in wiretap/ascendtext.c in the Ascend
file ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-47.html
TODO: check
CVE-2015-8728 (The Mobile Identity parser in (1)
epan/dissectors/packet-ansi_a.c in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-46.html
TODO: check
CVE-2015-8727 (The dissect_rsvp_common function in
epan/dissectors/packet-rsvp.c in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56baca60271379cb97f6a4a6bf72eb526e8b52d0
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-45.html
TODO: check
CVE-2015-8726 (wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x
before ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
@@ -780,24 +798,28 @@
TODO: check
CVE-2015-8725 (The dissect_diameter_base_framed_ipv6_prefix function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=aaa28a9d39158ca1033bbd3372cf423abbf4f202
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-43.html
TODO: check
CVE-2015-8724 (The AirPDcapDecryptWPABroadcastKey function in
epan/crypt/airpdcap.c ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83f2818118ae255db949bb3a4b3a26ebd1c5f7c5
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
TODO: check
CVE-2015-8723 (The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in
the ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b283181c63cb28bc6f58d80315eccca6650da0
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
TODO: check
CVE-2015-8722 (epan/dissectors/packet-sctp.c in the SCTP dissector in
Wireshark ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2259bf8a827088081bef101f98e4983de8aa8099
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b32d505a59475d51d9b2bed5f0869d2d154e8b6
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
@@ -805,64 +827,75 @@
TODO: check
CVE-2015-8721 (Buffer overflow in the tvb_uncompress function in
epan/tvbuff_zlib.c ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-40.html
TODO: check
CVE-2015-8720 (The dissect_ber_GeneralizedTime function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=921bb07115fbffc081ec56a5022b4a9d58db6d39
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-39.html
TODO: check
CVE-2015-8719 (The dissect_dns_answer function in epan/dissectors/packet-dns.c
in the ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30651ab18b42e666f57ea239e58f3ff3a5e9c4ad
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-38.html
TODO: check if actually fixed earlier
CVE-2015-8718 (Double free vulnerability in epan/dissectors/packet-nlm.c in
the NLM ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81dfe6d450ada42d12f20ac26a6d8ae2302df37e
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-37.html
TODO: check
CVE-2015-8717 (The dissect_sdp function in epan/dissectors/packet-sdp.c in the
SDP ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ddd92b6f8f587325b9e14598658626f3a007c5c
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-36.html
TODO: check if actually fixed earlier
CVE-2015-8716 (The init_t38_info_conv function in epan/dissectors/packet-t38.c
in the ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb6ccb1b0c4ad02b828652c3fe6e8d51c30a315e
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-35.html
TODO: check if actually fixed earlier
CVE-2015-8715 (epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in
Wireshark ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40caff2d1fb08262c84aaaa8ac584baa8866dd7c
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-34.html
TODO: check if actually fixed earlier
CVE-2015-8714 (The dissect_dcom_OBJREF function in
epan/dissectors/packet-dcom.c in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d34267d0503a67235bf259fd2f2f2d2bb8b18cf5
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-33.html
TODO: check if actually fixed earlier
CVE-2015-8713 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in
Wireshark ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67b6d4f7e6f2117b40957fd51518aa2a3e659002
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
TODO: check if actually fixed earlier
CVE-2015-8712 (The dissect_hsdsch_channel_info function in ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ae329a47b7f0ac94089c23e79c6b8bc18ba80ea
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
TODO: check if actually fixed earlier
CVE-2015-8711 (epan/dissectors/packet-nbap.c in the NBAP dissector in
Wireshark ...)
- wireshark 2.0.1+g59ea380-1
+ [squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13
@@ -1043,11 +1076,13 @@
RESERVED
{DSA-3439-1}
- prosody 0.9.9-1
+ [squeeze] - prosody <not-affected> (Vulnerable code not present)
NOTE: https://prosody.im/security/advisory_20160108-2/
CVE-2016-1231 [Fix path traversal vulnerability in mod_http_files]
RESERVED
{DSA-3439-1}
- prosody 0.9.9-1
+ [squeeze] - prosody <not-affected> (Vulnerable code not present)
NOTE: https://prosody.im/security/advisory_20160108-1/
CVE-2016-1230
RESERVED
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-01-11 12:59:31 UTC (rev 38839)
+++ data/dla-needed.txt 2016-01-11 12:59:40 UTC (rev 38840)
@@ -56,3 +56,11 @@
gajim
NOTE: _rosterSetCB in src/common/connection_handlers.py ?
--
+dwarfutils
+--
+jasper
+--
+radicale
+--
+prosody
+--
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
