Author: carnil
Date: 2016-06-02 04:26:00 +0000 (Thu, 02 Jun 2016)
New Revision: 42231
Modified: data/CVE/list Log: Add fixed version information for libxml2 in unstable upload Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-02 04:20:20 UTC (rev 42230) +++ data/CVE/list 2016-06-02 04:26:00 UTC (rev 42231) @@ -2200,7 +2200,7 @@ [wheezy] - nginx <not-affected> (Introduced in 1.3.9) CVE-2016-4449 RESERVED - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4) CVE-2016-4448 @@ -2214,7 +2214,7 @@ TODO: check versions, applying the two commits quite intrusive CVE-2016-4447 RESERVED - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4) CVE-2016-4446 @@ -2320,7 +2320,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2 CVE-2016-4483 RESERVED - - libxml2 <unfixed> (bug #823405) + - libxml2 2.9.3+dfsg1-1.1 (bug #823405) [jessie] - libxml2 <no-dsa> (Minor issue, only when using libxml2 using recovery mode) [wheezy] - libxml2 <no-dsa> (Minor issue, only when using libxml2 using recovery mode) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4) @@ -4263,7 +4263,7 @@ - eglibc <removed> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010 CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...) - - libxml2 <unfixed> (bug #823414) + - libxml2 2.9.3+dfsg1-1.1 (bug #823414) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207 CVE-2016-3704 
@@ -4571,7 +4571,7 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509 CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...) - - libxml2 <unfixed> (bug #819006) + - libxml2 2.9.3+dfsg1-1.1 (bug #819006) NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4) NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100 @@ -9030,7 +9030,7 @@ CVE-2016-2093 RESERVED CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...) - - libxml2 <unfixed> (bug #813613) + - libxml2 2.9.3+dfsg1-1.1 (bug #813613) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115 NOTE: Same fix as CVE-2016-1839 seems to resolve the issue CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...) @@ -9279,7 +9279,7 @@ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5 NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/ CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...) - - libxml2 <unfixed> (bug #812807) + - libxml2 2.9.3+dfsg1-1.1 (bug #812807) NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6 NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806 
@@ -10155,40 +10155,40 @@ - libxslt <undetermined> TODO: check, most likely *not* only Apple specific CVE-2016-1840 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711 CVE-2016-1839 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605 NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637 CVE-2016-1838 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639 CVE-2016-1837 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263 CVE-2016-1836 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) 
- - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 [wheezy] - libxml2 <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4) NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398 NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch CVE-2016-1835 (libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020 CVE-2016-1834 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071 CVE-2016-1833 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606 CVE-2016-1832 (libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...) 
@@ -10332,7 +10332,7 @@ CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...) TODO: check CVE-2016-1762 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before ...) - - libxml2 <unfixed> + - libxml2 2.9.3+dfsg1-1.1 NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671 TODO: check versions, upstream bug not yet public open but referenced in commit _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
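Review bot: In the @@ -2200 hunk, CVE-2016-4449 is marked fixed in 2.9.3+dfsg1-1.1 while its commit NOTE is tagged (v2.9.4), so the entry is only correct if that upload carries commit b1d34de46a11323fccffa9fadeb33be670d602f5 as a patch on top of 2.9.3. The log message says only "unstable upload". The same version-versus-tag mismatch applies to every libxml2 entry changed in this revision, so it would help to check each CVE id against the upload's changelog and to state in the log that the fixes are cherry-picked.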
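Review bot: CVE-2015-8806 (@@ -9030) and CVE-2016-2073 (@@ -9279) are marked fixed without a commit reference of their own; their NOTE lines say only "Same fix as CVE-2016-1839 seems to resolve the issue" and "Same fix as CVE-2016-1839 and CVE-2015-8806". "Seems to" is tentative, so either confirm it and add the CVE-2016-1839 commit URL (a820dbeac29d330bae4be05d9ecd939ad6b4aa33, shown in the @@ -10155 hunk) as a NOTE on both entries, or leave them <unfixed> until it is verified.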
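Review bot: CVE-2016-1762 in the @@ -10332 hunk now has a fixed version but still carries "TODO: check versions, upstream bug not yet public open but referenced in commit", and its commit NOTE (a7a94612aa3b16779e2c74e1fa353b5d9786c602) is the only fix-commit NOTE in this patch without a release tag such as (v2.9.4). If the versions were checked for this upload, drop or reword the TODO and add the release the commit landed in, as the other entries do; if they were not, the entry should stay <unfixed>.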