Author: benh
Date: 2015-07-16 16:31:23 +0000 (Thu, 16 Jul 2015)
New Revision: 35509
Modified: data/CVE/list Log: Triage new issues for squeeze-lts Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-07-16 16:27:03 UTC (rev 35508) +++ data/CVE/list 2015-07-16 16:31:23 UTC (rev 35509) @@ -127,6 +127,7 @@ - ipython <unfixed> (bug #789824) [jessie] - ipython <no-dsa> (Minor issue) [wheezy] - ipython <no-dsa> (Minor issue) + [squeeze] - ipython <not-affected> (Vulnerable code not present) NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x) NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x) NOTE: Affected versions: 0.12 <= version <= 3.2.0 @@ -410,10 +411,12 @@ CVE-2015-XXXX [Do not blindly forward cache peer CONNECT responses] - squid <removed> - squid3 <unfixed> + [squeeze] - squid <not-affected> (Vulnerable code not present) NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5) NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4) NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/8 + NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present. TODO: check CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ...) - nodejs <not-affected> (Only affects 0.12.x) @@ -1683,6 +1686,8 @@ - openjdk-7 <unfixed> - openjdk-8 <unfixed> - icu <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4760 + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-4759 RESERVED CVE-2015-4758 
@@ -1723,11 +1728,15 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of Java." CVE-2015-4748 RESERVED - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of Java." CVE-2015-4747 RESERVED CVE-2015-4746 @@ -1767,16 +1776,22 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-4732 RESERVED - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-4731 RESERVED - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-4730 RESERVED CVE-2015-4729 @@ -2061,6 +2076,7 @@ RESERVED - cacti 0.8.8e+ds1-1 NOTE: http://bugs.cacti.net/view.php?id=2577 + NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731 CVE-2015-4633 RESERVED CVE-2015-4632 
@@ -7100,6 +7116,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of JSSE." CVE-2015-2807 RESERVED CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...) @@ -7696,7 +7714,6 @@ RESERVED CVE-2015-2659 RESERVED - - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> CVE-2015-2658 @@ -7760,11 +7777,15 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2637 RESERVED - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2636 RESERVED CVE-2015-2635 @@ -7778,6 +7799,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2631 RESERVED CVE-2015-2630 
@@ -7789,6 +7812,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2627 RESERVED - openjdk-6 <not-affected> (Specific to Java client installer) @@ -7801,6 +7826,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of JSSE." CVE-2015-2624 RESERVED CVE-2015-2623 @@ -7812,6 +7839,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2620 RESERVED - mysql-5.6 5.6.25-2 @@ -7820,7 +7849,6 @@ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL CVE-2015-2619 RESERVED - - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> CVE-2015-2618 @@ -7842,6 +7870,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of Java." CVE-2015-2612 RESERVED CVE-2015-2611 @@ -7873,6 +7903,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client and server deployment of Java." CVE-2015-2600 RESERVED CVE-2015-2599 
@@ -7893,6 +7925,9 @@ RESERVED - virtualbox 4.3.30-dfsg-1 (bug #792446) - virtualbox-ose <removed> + [squeeze] - virtualbox-ose <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR + NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi." CVE-2015-2593 RESERVED CVE-2015-2592 @@ -7904,6 +7939,8 @@ - openjdk-6 <unfixed> - openjdk-7 <unfixed> - openjdk-8 <unfixed> + NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA + NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets." CVE-2015-2589 RESERVED CVE-2015-2588 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
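Review bot: In the @@ -410,10 +411,12 @@ hunk (the squid CONNECT entry, CVE-2015-XXXX), the added `[squeeze] - squid <not-affected> (Vulnerable code not present)` line sits under `- squid3 <unfixed>` rather than directly under `- squid <removed>`, which separates it from the package line it qualifies; moving it up one line keeps each package's lines together. The added NOTE says the bug "still appears to be present" in squeeze's squid3, but that status is carried only implicitly by `- squid3 <unfixed>`. Naming in the NOTE the file or function that was compared against the upstream changesets would let the next person confirm the finding.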
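Review bot: In the @@ -1683,6 +1686,8 @@ hunk, the quoted NOTE ("Applies to client deployment of Java only. ...") is added to an entry that also lists `- icu <unfixed>`, and nothing says whether the restriction covers icu as well as the openjdk packages. Scoping the quote, for example by naming the package it was written about, keeps it from being read as a statement about icu. This is also the only added NOTE that links bugzilla.redhat.com instead of the Oracle advisory cited in the other hunks; if the quotation comes from the Oracle page, citing that page here as well keeps its source clear.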
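Review bot: The `- openjdk-6 <unfixed>` lines removed in the @@ -7696,7 +7714,6 @@ hunk (CVE-2015-2659) and the @@ -7820,7 +7849,6 @@ hunk (CVE-2015-2619) leave no record of why openjdk-6 is no longer tracked for these two CVEs, and the log message only mentions squeeze-lts triage. If openjdk-6 is not affected, an explicit line with a reason, in the form visible in the context of the @@ -7789,6 +7812,8 @@ hunk (`- openjdk-6 <not-affected> (Specific to Java client installer)`), documents the decision and keeps a later pass from re-adding the package.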