[Secure-testing-commits] r38599 - in data: . CVE

Tue, 29 Dec 2015 17:46:47 -0800 

Author: benh
Date: 2015-12-30 01:46:01 +0000 (Wed, 30 Dec 2015)
New Revision: 38599

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-12-29 22:43:10 UTC (rev 38598)
+++ data/CVE/list       2015-12-30 01:46:01 UTC (rev 38599)
@@ -895,11 +895,12 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
 CVE-2015-8614 [no bounds checking on the output buffer in conv_jistoeuc, 
conv_euctojis, conv_sjistoeuc]
        RESERVED
-       - claws-mail 3.13.1-1
+       - claws-mail <unfixed>
+       - macopix <unfixed>
        NOTE: 
http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
+       NOTE: Upstream patch is broken - first comparison uses wrong operator 
and others appear to assume wrong maximum character length
        NOTE: 
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
        NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
-       TODO: check (other source packages, possibly sylpheed, claws-mail, 
sylfilter, macopix, libsylph)
 CVE-2015-8611
        RESERVED
 CVE-2015-8613 [scsi: stack based buffer overflow in megasas_ctrl_get_info]

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-12-29 22:43:10 UTC (rev 38598)
+++ data/dla-needed.txt 2015-12-30 01:46:01 UTC (rev 38599)
@@ -11,11 +11,17 @@
 --
 busybox (Chris Lamb)
 --
+claws-mail
+--
 dbconfig-common
   NOTE: maintainer should take care of this, cf 
https://lists.debian.org/[email protected]
 --
+giflib
+--
 libraw
 --
+librsvg
+--
 libvncserver (Mike Gabriel)
   NOTE: a fix is probably not trivial, as thread safety has to be backported 
to 0.9.7
   NOTE: possibly ending up in ABI breakage, second opinion welcome!
@@ -24,6 +30,10 @@
 --
 lxc (Mike Gabriel)
 --
+macopix
+--
+mono
+--
 nss (Guido Günther)
   NOTE: Trying to sync the solution for CVE-2015-4000 with security team first
   NOTE: see https://lists.debian.org/debian-lts/2015/12/msg00025.html


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to