Author: jmm
Date: 2016-02-28 22:07:42 +0000 (Sun, 28 Feb 2016)
New Revision: 40034
Modified: data/CVE/list data/DSA/list Log: add references for CVE-less drupal issues fixup reference for pillow in wheezy (different source package) Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-02-28 21:49:44 UTC (rev 40033) +++ data/CVE/list 2016-02-28 22:07:42 UTC (rev 40034) @@ -121,11 +121,15 @@ CVE-2016-XXXX [File upload access bypass and denial of service] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x) NOTE: https://www.drupal.org/SA-CORE-2016-001 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 CVE-2016-XXXX [Brute force amplification attacks via XML-RPC] - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 @@ -133,6 +137,8 @@ CVE-2016-XXXX [Open redirect via path manipulation] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 @@ -157,12 +163,16 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 CVE-2016-XXXX [Reflected file download vulnerability] - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 CVE-2016-XXXX [Saving user accounts can sometimes grant the user all roles] - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <removed> [squeeze] - drupal6 <end-of-life> NOTE: https://www.drupal.org/SA-CORE-2016-001 
@@ -170,6 +180,8 @@ CVE-2016-XXXX [Email address can be matched to an account] - drupal8 <itp> (bug #756305) - drupal7 7.43-1 + [wheezy] - drupal7 7.14-2+deb7u12 + [jessie] - drupal7 7.32-1+deb8u6 - drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x) NOTE: https://www.drupal.org/SA-CORE-2016-001 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/24/19 @@ -1539,6 +1551,7 @@ {DLA-422-1} - pillow 3.1.1-1 - python-imaging <removed> + [wheezy] - python-imaging 1.1.7-4+deb7u2 NOTE: https://github.com/python-pillow/Pillow/pull/1706 NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/5 NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4 @@ -5665,6 +5678,7 @@ {DLA-422-1} - pillow 3.1.1-1 (bug #813909) - python-imaging <removed> + [wheezy] - python-imaging 1.1.7-4+deb7u2 NOTE: https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec (3.1.1) CVE-2016-0774 [Incomplete fix for CVE-2015-1805 for kernel versions < 3.16] RESERVED Modified: data/DSA/list =================================================================== --- data/DSA/list 2016-02-28 21:49:44 UTC (rev 40033) +++ data/DSA/list 2016-02-28 22:07:42 UTC (rev 40034) @@ -1,5 +1,4 @@ [28 Feb 2016] DSA-3499-1 pillow - security update - [wheezy] - pillow 1.1.7-4+deb7u2 [jessie] - pillow 2.6.1-2+deb8u2 [28 Feb 2016] DSA-3498-1 drupal7 - security update [wheezy] - drupal7 7.14-2+deb7u12 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
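Review bot: In the data/DSA/list hunk, the `[wheezy] - pillow 1.1.7-4+deb7u2` line under DSA-3499-1 is removed without a replacement, so the DSA entry no longer records a wheezy fix at all. The two pillow hunks in data/CVE/list (at -1539 and -5665) add `[wheezy] - python-imaging 1.1.7-4+deb7u2` with the same version, which suggests that only the source package name was wrong. Consider replacing the removed line with the python-imaging one instead of dropping it, or state in the log that the wheezy fix is deliberately recorded on the CVE entries only. As committed, DSA-3499-1 lists jessie alone while the adjacent DSA-3498-1 entry still carries its `[wheezy] - drupal7 7.14-2+deb7u12` line.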
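Review bot: The pair `[wheezy] - drupal7 7.14-2+deb7u12` and `[jessie] - drupal7 7.32-1+deb8u6` is added by hand to six `CVE-2016-XXXX` placeholder entries across the data/CVE/list hunks at -121, -133, -157 and -170, and none of the visible entry lines ties those versions to DSA-3498-1. The wheezy version matches the DSA-3498-1 line visible in data/DSA/list, but the jessie version cannot be checked against the DSA entry from the context shown. A short NOTE naming DSA-3498-1 on each entry would make the origin of the fixed versions clear, and would flag these manual annotations for cleanup once the CVE request referenced in the NOTE lines is answered and the placeholders are replaced by real ids.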