[Secure-testing-commits] r40537 - data/CVE

Moritz Muehlenhoff Wed, 23 Mar 2016 11:54:11 -0700

Author: jmm
Date: 2016-03-23 18:52:41 +0000 (Wed, 23 Mar 2016)
New Revision: 40537


Modified:
   data/CVE/list
Log:
mark four hardware-driven USB DoS as no-dsa, these may trickle in through 
updates anyway and no-dsa can be dropped then
nova no-dsa
icedtea-web no-dsa (proposed for point update)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-03-23 18:50:21 UTC (rev 40536)
+++ data/CVE/list       2016-03-23 18:52:41 UTC (rev 40537)
@@ -1157,6 +1157,8 @@
 CVE-2016-3140 [crash on invalid USB device descriptors (digi_acceleport 
driver)]
        RESERVED
        - linux <unfixed> (low)
+       [jessie] - linux <no-dsa> (Minor issue)
+       [wheezy] - linux <no-dsa> (Minor issue)
        NOTE: http://seclists.org/bugtraq/2016/Mar/61
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
        NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
@@ -1169,17 +1171,23 @@
 CVE-2016-3138 [crash on invalid USB device descriptors (cdc_acm driver)]
        RESERVED
        - linux <unfixed> (low)
+       [jessie] - linux <no-dsa> (Minor issue)
+       [wheezy] - linux <no-dsa> (Minor issue)
        NOTE: http://seclists.org/bugtraq/2016/Mar/54
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
        NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
 CVE-2016-3137 [crash on invalid USB device descriptors (cypress_m8 driver)]
        RESERVED
        - linux <unfixed> (low)
+       [jessie] - linux <no-dsa> (Minor issue)
+       [wheezy] - linux <no-dsa> (Minor issue)
        NOTE: http://seclists.org/bugtraq/2016/Mar/55
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
 CVE-2016-3136 [crash on invalid USB device descriptors (mct_u232 driver)]
        RESERVED
        - linux <unfixed> (low)
+       [jessie] - linux <no-dsa> (Minor issue)
+       [wheezy] - linux <no-dsa> (Minor issue)
        NOTE: http://seclists.org/bugtraq/2016/Mar/57
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
 CVE-2016-3125 [TLSDHParamFile directive ignored]
@@ -4077,8 +4085,9 @@
 CVE-2016-2140 [Nova host data leak through resize/migration]
        RESERVED
        - nova <unfixed>
+       [wheezy] - nova <no-dsa> (Minor issue)
+       [jessie] - nova <no-dsa> (Minor issue)
        NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
-       TODO: check
 CVE-2016-2139
        RESERVED
 CVE-2016-2138
@@ -20207,8 +20216,12 @@
        RESERVED
 CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not 
properly ...)
        - icedtea-web 1.6.1-1 (bug #798467)
+       [jessie] - icedtea-web <no-dsa> (Minor issue)
+       [wheezy] - icedtea-web <no-dsa> (Minor issue)
 CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not 
properly ...)
        - icedtea-web 1.6.1-1 (bug #798467)
+       [jessie] - icedtea-web <no-dsa> (Minor issue)
+       [wheezy] - icedtea-web <no-dsa> (Minor issue)
 CVE-2015-5233
        RESERVED
        - foreman <itp> (bug #663101)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r40537 - data/CVE

Reply via email to