Author: carnil
Date: 2017-01-14 14:09:52 +0000 (Sat, 14 Jan 2017)
New Revision: 48033
Modified:
data/CVE/list
Log:
Record more fixes from 8.7 release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-14 14:06:38 UTC (rev 48032)
+++ data/CVE/list 2017-01-14 14:09:52 UTC (rev 48033)
@@ -1088,7 +1088,7 @@
CVE-2016-10091 [stack-based buffer overflows in cmd_* functions]
RESERVED
- unrtf 0.21.9-clean-3 (bug #849705)
- [jessie] - unrtf <no-dsa> (Minor issue)
+ [jessie] - unrtf 0.21.5-3+deb8u1
[wheezy] - unrtf <no-dsa> (Minor issue)
NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote
authenticated ...)
@@ -3238,7 +3238,7 @@
RESERVED
- libpng1.6 1.6.27-1 (bug #849799)
- libpng <removed>
- [jessie] - libpng <no-dsa> (Minor issue)
+ [jessie] - libpng 1.2.50-2+deb8u3
[wheezy] - libpng <no-dsa> (Minor issue)
NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
NOTE:
https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
@@ -11974,7 +11974,7 @@
CVE-2016-9579 [RGW server DoS via request with invalid HTTP Origin header]
RESERVED
- ceph 10.2.5-2 (bug #849048)
- [jessie] - ceph <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/18187
CVE-2016-9578
RESERVED
@@ -12387,63 +12387,63 @@
NOTE: Fixed by (later followed up):
https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/38
NOTE:
https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621
@@ -12938,86 +12938,86 @@
NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE:
https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-33 (bug #844726)
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 [problem fixed by the new "tagname[0] = '\0'" line in
parsetagx.c]
RESERVED
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/16
NOTE: Fixed by:
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 [for the problem fixed by the new conditional PUSH_ENV(HTML_DL)
call in file.c]
RESERVED
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/16
NOTE: Fixed by:
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27
allows ...)
@@ -13031,27 +13031,27 @@
NOTE: Fixed by
https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork
before ...)
- w3m 0.5.3-30
- [jessie] - w3m <no-dsa> (Minor issue)
+ [jessie] - w3m 0.5.3-19+deb8u1
[wheezy] - w3m <no-dsa> (Minor issue)
NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 [popd controlled free]
@@ -14163,7 +14163,7 @@
RESERVED
{DLA-688-1}
- cairo 1.14.6-1.1 (bug #842289)
- [jessie] - cairo <no-dsa> (Minor issue)
+ [jessie] - cairo 1.14.0-2.1+deb8u2
NOTE: Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=98165
NOTE: Proposed patch upstream:
https://bugs.freedesktop.org/attachment.cgi?id=127421
CVE-2016-9030
@@ -15388,7 +15388,7 @@
CVE-2016-8626 [RGW Denial of Service by sending POST object with null
conditions]
RESERVED
- ceph 10.2.5-1 (bug #844200)
- [jessie] - ceph <no-dsa> (Minor issue, can be fixed via point release)
+ [jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/17635
CVE-2016-8625
RESERVED
@@ -18291,7 +18291,7 @@
CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local
users ...)
{DLA-659-1}
- systemd 231-9 (bug #839607)
- [jessie] - systemd <no-dsa> (Proposed to be fixed via point release)
+ [jessie] - systemd 215-17+deb8u6
NOTE:
https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240
CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and
earlier ...)
@@ -20497,7 +20497,7 @@
NOTE: https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
CVE-2016-7031 (The RGW code in Ceph before 10.0.1, when authenticated-read ACL
is ...)
- ceph 10.2.5-1 (bug #838026)
- [jessie] - ceph <no-dsa> (Minor issue)
+ [jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/13207
NOTE: https://github.com/ceph/ceph/pull/6057
NOTE: https://github.com/ceph/ceph/pull/11045
@@ -22367,7 +22367,7 @@
RESERVED
{DLA-773-1}
- python-crypto 2.6.1-7 (bug #849495)
- [jessie] - python-crypto <no-dsa> (Minor issue)
+ [jessie] - python-crypto 2.6.1-5+deb8u1
NOTE: https://github.com/dlitz/pycrypto/issues/176
NOTE: Fixed by:
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
NOTE: All users of pycrypto's AES module in Debian that allow the mode
@@ -27885,7 +27885,7 @@
NOTE: Fixed by:
http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows
remote ...)
- ceph 10.2.5-1 (bug #829661)
- [jessie] - ceph <no-dsa> (Minor issue)
+ [jessie] - ceph 0.80.7-2+deb8u2
NOTE: http://tracker.ceph.com/issues/16297
NOTE: https://github.com/ceph/ceph/pull/9700
NOTE:
https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
@@ -30929,7 +30929,7 @@
CVE-2016-4021 (The read_binary function in buffer.c in pgpdump before 0.30
allows ...)
{DLA-768-1}
- pgpdump 0.31-0.1 (bug #773747)
- [jessie] - pgpdump <no-dsa> (Minor issue)
+ [jessie] - pgpdump 0.28-1+deb8u1
NOTE:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
CVE-2016-4019
@@ -40248,7 +40248,7 @@
RESERVED
{DLA-774-1}
- postgresql-common 178
- [jessie] - postgresql-common <no-dsa> (Will be fixed via point release)
+ [jessie] - postgresql-common 165+deb8u2
NOTE: Fix:
https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
NOTE: Testsuite update:
https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
CVE-2016-1254 [TROVE-2016-12-002]
@@ -40261,7 +40261,7 @@
RESERVED
{DLA-745-1}
- most 5.0.0a-3 (bug #848132)
- [jessie] - most <no-dsa> (Minor issue; will be fixed via point release)
+ [jessie] - most 5.0.0a-2.3+deb8u1
CVE-2016-1252
RESERVED
{DSA-3733-1}
@@ -64780,7 +64780,7 @@
- libfcgi 2.4.0-8.3 (bug #681591)
[wheezy] - libfcgi 2.4.0-8.1+deb7u1
- libfcgi-perl 0.78-2 (bug #815840)
- [jessie] - libfcgi-perl <no-dsa> (Minor issue)
+ [jessie] - libfcgi-perl 0.77-1+deb8u1
[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2015-8837 (Stack-based buffer overflow in the isofs_real_readdir function
in ...)
@@ -67243,7 +67243,7 @@
CVE-2015-0854 (App/HelperFunctions.pm in Shutter through 0.93.1 allows
user-assisted ...)
{DLA-769-1}
- shutter 0.93.1-1 (low; bug #798862)
- [jessie] - shutter <no-dsa> (Minor issue)
+ [jessie] - shutter 0.92-0.1+deb8u1
[squeeze] - shutter <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/shutter/+bug/1495163
CVE-2015-0853 [insecure use of os.system()]
@@ -67320,7 +67320,7 @@
RESERVED
{DLA-775-1}
- hplip 3.15.11+repack0-1 (bug #787353; bug #796015)
- [jessie] - hplip <no-dsa> (Minor issue)
+ [jessie] - hplip 3.14.6-1+deb8u1
[squeeze] - hplip <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2015/q2/581
NOTE: https://bugs.launchpad.net/bugs/1432516
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
