Author: benh
Date: 2015-10-19 00:17:46 +0000 (Mon, 19 Oct 2015)
New Revision: 37172

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage issues for squeeze (and wheezy, where I could)

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-10-18 22:49:37 UTC (rev 37171)
+++ data/CVE/list       2015-10-19 00:17:46 UTC (rev 37172)
@@ -1,6 +1,7 @@
 CVE-2015-XXXX [Keyrings crash triggerable by unprivileged user]
        - linux <unfixed>
        - linux-2.6 <removed>
+       [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272371
 CVE-2015-XXXX [predictable session key without knowing the passphrase]
        - libjs-openpgp <itp> (bug #787774)
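Review bot: The added [squeeze] line for linux-2.6 justifies <not-affected> only with "Vulnerable code not present", and the entry's single reference is the Red Hat bug. A NOTE recording which upstream change introduced the affected keyrings code, or what was checked in the squeeze source, would make the decision auditable later, especially while the linux line is still <unfixed>.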
@@ -65,10 +66,14 @@
        TODO: check
 CVE-2015-XXXX [lldpd: buffer overflow when handling management address TLV]
        - lldpd 0.7.19-1
+       [squeeze] - lldpd <not-affected> (Vulnerable code not present)
+       [wheezy] - lldpd <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/10/16/2
 CVE-2015-XXXX [lldpd: asserts triggered by malformed packets]
        - lldpd 0.7.19-1
+       [squeeze] - lldpd <not-affected> (Vulnerable code not present)
+       [wheezy] - lldpd <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/10/18/2
 CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
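Review bot: The entry titled "asserts triggered by malformed packets" covers more than one assert, so the <not-affected> lines added for squeeze and wheezy need to hold for every assert changed in the commit linked in its NOTE, not just one of them. Both lldpd entries reuse the same reason, "Vulnerable code not present"; a NOTE per entry stating the lldpd version that introduced the affected code would back up the claim for both releases.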
@@ -6227,10 +6232,12 @@
        RESERVED
        - polarssl <unfixed> (bug #801413)
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
-CVE-2015-5290
+CVE-2015-5290 [Remote denial of service using MONITOR command]
        RESERVED
        - charybdis <unfixed>
        - ircd-ratbox <unfixed>
+       [squeeze] - ircd-ratbox <no-dsa> (Slow leak; workaround is available)
+       NOTE: 
http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
        TODO: check
 CVE-2015-5289 [stack overflows in json parsing]
        RESERVED
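Review bot: The <no-dsa> reason on the new [squeeze] ircd-ratbox line says a workaround is available, but the entry does not say what it is, so the reader has to follow the elemental-ircd.com link to find out. A short NOTE naming the workaround would help. The "TODO: check" line is also left in place after the description and squeeze triage were added; if what remains is charybdis or the other releases, say so in the TODO.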

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-10-18 22:49:37 UTC (rev 37171)
+++ data/dla-needed.txt 2015-10-19 00:17:46 UTC (rev 37172)
@@ -11,6 +11,11 @@
 --
 bouncycastle
 --
+cakephp
+  NOTE: Relevant functions and source files in this version appear to be
+  Xml::load in cake/libs/xml.php and RequestHandlerComponent::startup in
+  cake/libs/controller/components/request_handler.php
+--
 imagemagick
 --
 libphp-snoopy
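Review bot: The cakephp entry added here names Xml::load and RequestHandlerComponent::startup but not the issue they relate to, so someone claiming the package from dla-needed.txt has to search data/CVE/list to find it. Mention the XML class SSRF issue in the NOTE, and since the wording is "appear to be", state whether the match against the upstream fix was confirmed or still needs checking.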


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
