[Secure-testing-commits] r43204 - in data: . CVE

Thu, 14 Jul 2016 15:27:25 -0700 

Author: benh
Date: 2016-07-14 22:27:07 +0000 (Thu, 14 Jul 2016)
New Revision: 43204

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-07-14 21:10:11 UTC (rev 43203)
+++ data/CVE/list       2016-07-14 22:27:07 UTC (rev 43204)
@@ -100,12 +100,14 @@
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2016/07/13/11
 CVE-2016-6224 [ecryptfs-setup-swap improperly configures encrypted swap when 
using GPT partitioning on a NVMe or MMC drive]
        - ecryptfs-utils <unfixed>
+       [wheezy] - ecryptfs-utils <not-affected> (Broken code not present)
        NOTE: Actually due to an incomplete fix of LP#1447282
        NOTE: https://launchpad.net/bugs/1597154
        NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
 CVE-2015-8946 [ecryptfs-setup-swap improperly configures encrypted swap when 
using GPT partitioning]
        - ecryptfs-utils <unfixed>
+       [wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 
onward)
        NOTE: https://launchpad.net/bugs/1447282
        NOTE: Fixed by: 
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
@@ -135,7 +137,8 @@
 CVE-2016-XXXX [Insecure use of /tmp]
        - leptonlib <unfixed> (bug #830660)
        [jessie] - leptonlib <no-dsa> (Minor issue)
-       NOTE: Not exploitable with kernel hardening since jessie
+       [wheezy] - leptonlib <no-dsa> (Minor issue)
+       NOTE: Not exploitable with kernel hardening since wheezy
 CVE-2016-6198
        RESERVED
        - linux 4.5.5-1
@@ -3577,6 +3580,7 @@
        RESERVED
        - util-linux <unfixed> (bug #830802)
        [jessie] - util-linux <no-dsa> (Minor issue)
+       [wheezy] - util-linux <no-dsa> (Minor issue)
        NOTE: 
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
        NOTE: 
https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
 CVE-2016-5010

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-07-14 21:10:11 UTC (rev 43203)
+++ data/dla-needed.txt 2016-07-14 22:27:07 UTC (rev 43204)
@@ -24,6 +24,8 @@
 cakephp
   NOTE: CVE-2015-8379 No official solution is currently available, 20160425
 --
+drupal7
+--
 extplorer
   NOTE: 20160529, no fix yet
   NOTE: 20160618, still no fix
@@ -32,6 +34,8 @@
 --
 gdb
 --
+gdk-pixbuf
+--
 gosa (Mike Gabriel)
   NOTE: .debdiff sent to the Security Team, waiting for feedback
   NOTE: asked about jessie status (seb)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to