Author: carnil
Date: 2017-01-14 13:19:50 +0000 (Sat, 14 Jan 2017)
New Revision: 48028
Modified: data/CVE/list Log: More fixes from 8.7 recorded Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-14 13:08:28 UTC (rev 48027) +++ data/CVE/list 2017-01-14 13:19:50 UTC (rev 48028) @@ -15772,7 +15772,7 @@ RESERVED CVE-2016-XXXX [dbus format string vulnerability] - dbus 1.10.12-1 - [jessie] - dbus <no-dsa> (Minor issue) + [jessie] - dbus 1.8.22-0+deb8u1 [wheezy] - dbus <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157 NOTE: Versions affected: dbus >= 1.4.0 @@ -16138,7 +16138,7 @@ CVE-2016-1000247 [mpg123 memory overread] {DLA-655-1} - mpg123 1.23.8-1 (low; bug #838960) - [jessie] - mpg123 <no-dsa> (Minor issue) + [jessie] - mpg123 1.20.1-2+deb8u1 NOTE: http://mpg123.org/bugs/240 CVE-2016-XXXX [nspr, nss: unprotected environment variables] - nspr 2:4.12-1 (low) @@ -16412,7 +16412,7 @@ RESERVED {DLA-722-1} - irssi 0.8.20-2 (bug #838762) - [jessie] - irssi <no-dsa> (Can be fixed in point release, minor issue) + [jessie] - irssi 0.8.17-1+deb8u2 NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a NOTE: https://irssi.org/2016/09/22/buf.pl-update/ NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1 @@ -16672,7 +16672,7 @@ RESERVED CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...) - gnutls28 3.5.3-4 - [jessie] - gnutls28 <no-dsa> (Minor issue) + [jessie] - gnutls28 3.3.8-6+deb8u4 NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3 NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 
@@ -18857,7 +18857,7 @@ RESERVED {DLA-680-1} - bash 4.4-1 - [jessie] - bash <no-dsa> (Minor issue) + [jessie] - bash 4.3-11+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9 NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and NOTE: Wheezy are affected. @@ -34133,14 +34133,14 @@ RESERVED {DLA-454-1} - minissdpd 1.2.20130907-3.2 (bug #816759) - [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via point release) + [jessie] - minissdpd 1.2.20130907-3+deb8u1 NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47 CVE-2016-3179 RESERVED {DLA-454-1} - minissdpd 1.2.20130907-3.2 (bug #816759) - [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via point release) + [jessie] - minissdpd 1.2.20130907-3+deb8u1 NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...) @@ -42576,6 +42576,7 @@ CVE-2016-0634 [bash prompt expanding return value from gethostname()] RESERVED - bash 4.4-1 (unimportant) + [jessie] - bash 4.3-11+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8 NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 NOTE: Fixed bin Bash upstream bash-4.4 @@ -44469,7 +44470,7 @@ [wheezy] - ufraw <not-affected> (Vulnerable code not present) [squeeze] - ufraw <not-affected> (Vulnerable code not present) - rawtherapee 4.2.1241-2 - [jessie] - rawtherapee <no-dsa> (Minor issue) + [jessie] - rawtherapee 4.2-1+deb8u2 [wheezy] - rawtherapee <not-affected> (Vulnerable code not present) [squeeze] - rawtherapee <not-affected> (Vulnerable code not present) - exactimage 0.9.1-13 
@@ -57860,7 +57861,7 @@ [wheezy] - freeimage <no-dsa> (Minor issue) [squeeze] - freeimage <no-dsa> (Minor issue) - darktable 1.6.7-1 (bug #786792) - [jessie] - darktable <no-dsa> (Minor issue) + [jessie] - darktable 1.4.2-1+deb8u1 [wheezy] - darktable <no-dsa> (Minor issue) NOTE: http://www.ocert.org/advisories/ocert-2015-006.html NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
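Review bot: In the CVE-2016-0634 hunk (@@ -42576,6 +42576,7 @@) the unchanged context line "NOTE: Fixed bin Bash upstream bash-4.4" looks like a typo for "Fixed in"; since this commit already touches the entry, it could be corrected in the same change. The same hunk adds a jessie fixed version (4.3-11+deb8u1) under an entry whose unstable line is tagged "(unimportant)", so it is worth confirming that the per-release line is wanted here; the other hunks replace an existing <no-dsa> line, this one adds a new line.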
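Review bot: In the darktable hunk (@@ -57860,7 +57861,7 @@) only the jessie darktable line is updated, while the same entry also tracks freeimage (the wheezy and squeeze freeimage lines are visible as context, still <no-dsa>). Please check whether any of the other source packages listed under this entry also received a fix in 8.7 and need their jessie line changed from <no-dsa> to a version in this commit, so the entry does not end up with a mix of recorded and unrecorded point-release fixes.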