Author: carnil
Date: 2017-01-14 13:19:50 +0000 (Sat, 14 Jan 2017)
New Revision: 48028

Modified:
   data/CVE/list
Log:
More fixes from 8.7 recorded

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-14 13:08:28 UTC (rev 48027)
+++ data/CVE/list       2017-01-14 13:19:50 UTC (rev 48028)
@@ -15772,7 +15772,7 @@
        RESERVED
 CVE-2016-XXXX [dbus format string vulnerability]
        - dbus 1.10.12-1
-       [jessie] - dbus <no-dsa> (Minor issue)
+       [jessie] - dbus 1.8.22-0+deb8u1
        [wheezy] - dbus <no-dsa> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
        NOTE: Versions affected: dbus >= 1.4.0
@@ -16138,7 +16138,7 @@
 CVE-2016-1000247 [mpg123 memory overread]
        {DLA-655-1}
        - mpg123 1.23.8-1 (low; bug #838960)
-       [jessie] - mpg123 <no-dsa> (Minor issue)
+       [jessie] - mpg123 1.20.1-2+deb8u1
        NOTE: http://mpg123.org/bugs/240
 CVE-2016-XXXX [nspr, nss: unprotected environment variables]
        - nspr 2:4.12-1 (low)
@@ -16412,7 +16412,7 @@
        RESERVED
        {DLA-722-1}
        - irssi 0.8.20-2 (bug #838762)
-       [jessie] - irssi <no-dsa> (Can be fixed in point release, minor issue)
+       [jessie] - irssi 0.8.17-1+deb8u2
        NOTE: Fixed by: 
https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
        NOTE: https://irssi.org/2016/09/22/buf.pl-update/
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
@@ -16672,7 +16672,7 @@
        RESERVED
 CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in 
GnuTLS ...)
        - gnutls28 3.5.3-4
-       [jessie] - gnutls28 <no-dsa> (Minor issue)
+       [jessie] - gnutls28 3.3.8-6+deb8u4
        NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
        NOTE: 
http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
        NOTE: Upstream fix: 
https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
@@ -18857,7 +18857,7 @@
        RESERVED
        {DLA-680-1}
        - bash 4.4-1
-       [jessie] - bash <no-dsa> (Minor issue)
+       [jessie] - bash 4.3-11+deb8u1
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
        NOTE: Default shell is dash which is not vulnerable, but bash in Jessie 
and
        NOTE: Wheezy are affected.
@@ -34133,14 +34133,14 @@
        RESERVED
        {DLA-454-1}
        - minissdpd 1.2.20130907-3.2 (bug #816759)
-       [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via 
point release)
+       [jessie] - minissdpd 1.2.20130907-3+deb8u1
        NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
        NOTE: 
https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
 CVE-2016-3179
        RESERVED
        {DLA-454-1}
        - minissdpd 1.2.20130907-3.2 (bug #816759)
-       [jessie] - minissdpd <no-dsa> (Minor issue, local DoS, can be fixed via 
point release)
+       [jessie] - minissdpd 1.2.20130907-3+deb8u1
        NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
        NOTE: 
https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
 CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 
1.0.1 ...)
@@ -42576,6 +42576,7 @@
 CVE-2016-0634 [bash prompt expanding return value from gethostname()]
        RESERVED
        - bash 4.4-1 (unimportant)
+       [jessie] - bash 4.3-11+deb8u1
        NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
        NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
        NOTE: Fixed bin Bash upstream bash-4.4
@@ -44469,7 +44470,7 @@
        [wheezy] - ufraw <not-affected> (Vulnerable code not present)
        [squeeze] - ufraw <not-affected> (Vulnerable code not present)
        - rawtherapee 4.2.1241-2
-       [jessie] - rawtherapee <no-dsa> (Minor issue)
+       [jessie] - rawtherapee 4.2-1+deb8u2
        [wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
        [squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
        - exactimage 0.9.1-13
@@ -57860,7 +57861,7 @@
        [wheezy] - freeimage <no-dsa> (Minor issue)
        [squeeze] - freeimage <no-dsa> (Minor issue)
        - darktable 1.6.7-1 (bug #786792)
-       [jessie] - darktable <no-dsa> (Minor issue)
+       [jessie] - darktable 1.4.2-1+deb8u1
        [wheezy] - darktable <no-dsa> (Minor issue)
        NOTE: http://www.ocert.org/advisories/ocert-2015-006.html
        NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start

