Author: carnil
Date: 2016-09-17 14:19:25 +0000 (Sat, 17 Sep 2016)
New Revision: 44680
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Start reviewing 8.6 changelog and merge entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-17 14:19:03 UTC (rev 44679)
+++ data/CVE/list 2016-09-17 14:19:25 UTC (rev 44680)
@@ -28847,7 +28847,7 @@
CVE-2015-7747 [When changing both sample format and number of channels, data
gets corrupted; if new sample format smaller than old, possible buffer overflow]
RESERVED
- audiofile 0.3.6-3 (bug #801102)
- [jessie] - audiofile <no-dsa> (Minor issue)
+ [jessie] - audiofile 0.3.6-2+deb8u1
[wheezy] - audiofile <no-dsa> (Minor issue)
[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
@@ -60632,6 +60632,7 @@
CVE-2014-XXXX [install-sh: insecure use of /tmp]
- automake1.11 <unfixed> (unimportant; bug #827346)
- automake-1.14 <removed> (unimportant; bug #827347)
+ [jessie] - automake-1.14 1:1.14.1-4+deb8u1
- automake-1.15 1:1.15-3 (unimportant; bug #760455)
NOTE: http://seclists.org/oss-sec/2014/q3/588
NOTE: Neutralised by kernel hardening
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-09-17 14:19:03 UTC (rev 44679)
+++ data/next-point-update.txt 2016-09-17 14:19:25 UTC (rev 44680)
@@ -32,11 +32,6 @@
[jessie] - dosfstools 3.0.27-1+deb8u1
CVE-2016-4804
[jessie] - dosfstools 3.0.27-1+deb8u1
-CVE-2015-7747
- [jessie] - audiofile 0.3.6-2+deb8u1
-CVE-2014-XXXX
- [jessie] - automake-1.14 1:1.14.1-4+deb8u1
- NOTE: for #827347
CVE-2016-4971
[jessie] - wget 1.16-1+deb8u1
CVE-2016-0772
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
