Author: benh
Date: 2015-09-25 01:42:29 +0000 (Fri, 25 Sep 2015)
New Revision: 36826
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Triage new issues for squeeze-lts
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-25 00:57:49 UTC (rev 36825)
+++ data/CVE/list 2015-09-25 01:42:29 UTC (rev 36826)
@@ -4963,7 +4963,9 @@
CVE-2015-5283 [Creating multiple sockets when SCTP module isn't loaded leads
to kernel panic]
RESERVED
- linux <unfixed>
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://patchwork.ozlabs.org/patch/515996/
TODO: check
CVE-2015-5282
@@ -4996,6 +4998,7 @@
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - glibc <no-dsa> (Minor issue)
+ [squeeze] - eglibc <not-affected> (Vulnerable code not present)
CVE-2015-5276 [gcc: Predictable randomness from std::random_device]
RESERVED
- gcc-5 <unfixed>
@@ -5070,6 +5073,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <unfixed>
NOTE: Patch: https://marc.info/?l=linux-usb&m=144303376328355
CVE-2015-5256
RESERVED
@@ -11732,6 +11736,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <not-affected> (KSM is not enabled)
NOTE:
https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
NOTE: http://www.antoniobarresi.com/security/cloud/2015/07/30/cain/
TODO: check closer the referenced advisories
@@ -12767,6 +12772,7 @@
{DSA-3359-1 DLA-313-1}
- virtualbox 4.3.30-dfsg-1 (bug #792446)
- virtualbox-ose <removed>
+ [squeeze] - virtualbox-ose <unfixed>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when
guests using bridged networking over Wifi."
CVE-2015-2593 (Unspecified vulnerability in the Oracle Access Manager
component in ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-09-25 00:57:49 UTC (rev 36825)
+++ data/dla-needed.txt 2015-09-25 01:42:29 UTC (rev 36826)
@@ -12,6 +12,8 @@
commons-httpclient
NOTE: there a three no-dsa issues open as well (CVE-2014-3577,
CVE-2012-6153, CVE-2012-5783)
--
+eglibc
+--
flightgear
--
freeimage (Thorsten Alteholz)
@@ -23,6 +25,10 @@
libphp-snoopy
NOTE: maintainer might take care of it, cf
http://lists.debian.org/1424805686.2351.19.ca...@debian.org
--
+libvncserver
+--
+linux-2.6
+--
nss (Guido Günther)
--
openafs
@@ -39,8 +45,12 @@
--
squid (Santiago R.R.)
--
+virtualbox-ose
+--
vorbis-tools (Mike Gabriel)
--
+wget
+--
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
