Author: carnil Date: 2016-09-17 14:31:40 +0000 (Sat, 17 Sep 2016) New Revision: 44682
Modified: data/CVE/list Log: More fixes from point release Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-17 14:24:45 UTC (rev 44681) +++ data/CVE/list 2016-09-17 14:31:40 UTC (rev 44682) @@ -5979,7 +5979,7 @@ NOTE: Furthermore pidgin in Debian is not compiled to use GnuTLS (--enable-gnutls=no) CVE-2016-XXXX [insecure default PATH] - dietlibc 0.34~cvs20160606-2 (bug #832169) - [jessie] - dietlibc <no-dsa> (Can be scheduled through jessie point release) + [jessie] - dietlibc 0.33~cvs20120325-6+deb8u1 [wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1 NOTE: Workaround entry for DLA-557-1 until CVE is assigned NOTE: Following reverse dependencies need to be recompiled: minit (wheezy, jessie), @@ -10416,7 +10416,7 @@ CVE-2016-5042 RESERVED - dwarfutils 20160507-1 - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/ CVE-2016-5041 @@ -10434,13 +10434,13 @@ CVE-2016-5039 RESERVED - dwarfutils 20160507-1 - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/ CVE-2016-5038 RESERVED - dwarfutils 20160507+git20160523.9086738-1 - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ CVE-2016-5037 @@ -10452,7 +10452,7 @@ CVE-2016-5036 RESERVED - dwarfutils 20160507+git20160523.9086738-1 - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/ CVE-2016-5035 @@ -10464,7 +10464,7 @@ CVE-2016-5034 RESERVED - dwarfutils 20160507+git20160523.9086738-1 - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/ CVE-2016-5033 @@ -19452,7 +19452,7 @@ RESERVED CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...) - dwarfutils 20160507-1 (bug #813148) - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3 NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91 @@ -20211,6 +20211,7 @@ CVE-2016-2050 [Out-of-bounds write in get_abbrev_array_info] RESERVED - dwarfutils 20160507+git20160523.9086738-1 (unimportant) + [jessie] - dwarfutils 20120410-2+deb8u1 NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9 NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684 NOTE: Reasoning for "unimportant" severity: The affected source code is present @@ -22129,7 +22130,7 @@ RESERVED {DLA-388-1} - dwarfutils 20160507-1 (bug #813182) - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264 NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697 @@ -25859,7 +25860,7 @@ CVE-2015-8538 [a out of bound read bug is found in libdwarf] RESERVED - dwarfutils 20160507-1 (bug #807817) - [jessie] - dwarfutils <no-dsa> (Minor issue) + [jessie] - dwarfutils 20120410-2+deb8u1 [wheezy] - dwarfutils <no-dsa> (Minor issue) [squeeze] - dwarfutils <not-affected> (No segfault with provided test case) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits