Author: benh
Date: 2015-02-27 20:47:44 +0000 (Fri, 27 Feb 2015)
New Revision: 32534
Modified: data/CVE/list Log: Mark CVE-2012-6686 as rejected and merge information into CVE-2013-4357 See <https://marc.info/?l=oss-security&m=142477834307260&w=2> Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-02-27 19:29:18 UTC (rev 32533) +++ data/CVE/list 2015-02-27 20:47:44 UTC (rev 32534) @@ -4924,16 +4924,8 @@ [wheezy] - cabextract <no-dsa> (Minor issue) [squeeze] - cabextract <no-dsa> (Minor issue) NOTE: Starting with 1.4-5 cabextract uses the mspack system library -CVE-2012-6686 [unbound alloca use in glob_in_dir] - RESERVED - - glibc 2.17-1 - - eglibc <removed> - [wheezy] - eglibc 2.13-38+deb7u6 - NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096 - NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c - NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec - NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817 - NOTE: Fixed upstream in 2.14 +CVE-2012-6686 + REJECTED CVE-2012-6685 [ruby-nokogiri XXE] RESERVED - ruby-nokogiri 1.5.4-1 (low) 
@@ -38300,11 +38292,16 @@ [wheezy] - libav <not-affected> (Vulnerable code not present) - ffmpeg <not-affected> (Vulnerable code not present) NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602 -CVE-2013-4357 [getaddrinfo() stack overflow] +CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow] RESERVED - eglibc 2.17-1 (unimportant; bug #742925) - [wheezy] - eglibc 2.13-38+deb7u5 + [wheezy] - eglibc 2.13-38+deb7u6 NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817 + NOTE: Fixed upstream in 2.14 CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...) - xen 4.4.0-1 [wheezy] - xen <not-affected> (Only affects 4.3+) _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
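Review bot: the rejected CVE-2012-6686 entry left by the first hunk (@@ -4924,16 +4924,8 @@) has no pointer to CVE-2013-4357, so the merge is recorded only in the commit log and the oss-security link. Someone who looks up CVE-2012-6686 in data/CVE/list sees only "REJECTED" and cannot tell where the glob_in_dir tracking went. If the list format accepts it, a NOTE line under the rejected entry naming CVE-2013-4357 would keep the trail in the file itself.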
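Review bot: in the second hunk (@@ -38300,11 +38292,16 @@) the merged CVE-2013-4357 entry does not carry over the package lines "- glibc 2.17-1" and "- eglibc <removed>" from the removed CVE-2012-6686 entry, so only "- eglibc 2.17-1 (unimportant; bug #742925)" remains. Please confirm that dropping the glibc line is intended, and that the "unimportant" tag and bug #742925, which were attached to the getaddrinfo() issue only, should now also cover glob_in_dir. The wheezy version moves from 2.13-38+deb7u5 to 2.13-38+deb7u6 and "NOTE: Fixed upstream in 2.14" comes from the glob_in_dir entry; a short NOTE saying which issue each of these refers to would stop the merged entry from reading as if both apply to both issues.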

