Author: benh
Date: 2016-08-26 23:45:39 +0000 (Fri, 26 Aug 2016)
New Revision: 44166
Modified: data/CVE/list data/dla-needed.txt Log: Triage new issues for wheezy; add notes Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-08-26 21:10:13 UTC (rev 44165) +++ data/CVE/list 2016-08-26 23:45:39 UTC (rev 44166) 
@@ -1091,86 +1091,113 @@ CVE-2016-6632 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/ CVE-2016-6631 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/ CVE-2016-6630 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/ CVE-2016-6629 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/ CVE-2016-6628 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/ CVE-2016-6627 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/ CVE-2016-6626 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/ CVE-2016-6625 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/ CVE-2016-6624 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/ CVE-2016-6623 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/ CVE-2016-6622 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/ CVE-2016-6621 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 CVE-2016-6620 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/ CVE-2016-6619 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/ CVE-2016-6618 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/ CVE-2016-6617 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 [jessie] - phpmyadmin <not-affected> (Only affects 4.6.x) + [wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x) CVE-2016-6616 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + [wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward) + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/ CVE-2016-6615 
RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/ CVE-2016-6614 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/ CVE-2016-6613 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/ CVE-2016-6612 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/ CVE-2016-6611 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/ CVE-2016-6610 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/ CVE-2016-6609 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/ CVE-2016-6608 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 [jessie] - phpmyadmin <not-affected> (Only affects 4.6.x) + [wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x) CVE-2016-6607 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/ CVE-2016-6606 RESERVED - phpmyadmin 4:4.6.4+dfsg1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/ CVE-2016-6605 RESERVED CVE-2016-6604 @@ -2109,7 +2136,8 @@ CVE-2016-XXXX [Buffer overflow processing long words] - cracklib2 2.9.2-3 (bug #835386) [jessie] - cracklib2 <no-dsa> (Minor issue) - NOTE: SuSE Patch: https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch + [wheezy] - cracklib2 <no-dsa> (Minor issue) + NOTE: SuSE patch (not a complete fix): https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/08/23/8 CVE-2016-6318 [Stack-based buffer overflow when parsing large GECOS field] RESERVED 
@@ -6810,6 +6838,7 @@ - gcc-5 <not-affected> (Uses glibc-internal SSP) - gcc-4.9 <not-affected> (Uses glibc-internal SSP) - mingw-w64 <unfixed> + - mingw32 <removed> [jessie] - mingw-w64 <no-dsa> (Minor issue) CVE-2016-4972 [RCE vulnerability in Openstack Murano using insecure YAML tags] RESERVED Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2016-08-26 21:10:13 UTC (rev 44165) +++ data/dla-needed.txt 2016-08-26 23:45:39 UTC (rev 44166) @@ -13,6 +13,8 @@ -- chicken (Thorsten Alteholz) -- +eog +-- gnupg (Santiago R.R.) -- icu (Roberto C. Sánchez) @@ -29,6 +31,8 @@ -- lshell (Thorsten Alteholz) -- +mailman +-- mat NOTE: the fix for this issue: https://security-tracker.debian.org/tracker/TEMP-0826101-4D75EC is not available yet. It will be available in next upstream release (already @@ -37,6 +41,10 @@ matrixssl NOTE: the bignum implementation is in crypto/peersec/mpi.c -- +mingw-w64 +-- +mingw32 +-- openssl NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply NOTE: because the wheezy version is completely missing the checks being @@ -53,6 +61,8 @@ php5 (Thorsten Alteholz) NOTE: At least CVE-2016-4538 of the outstanding CVEs are vulnerable -- +phpmyadmin +-- roundcube -- ruby-actionpack-3.2 (Guido Günther) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
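Review bot: CVE-2016-6621 is the one phpmyadmin entry in the first data/CVE/list hunk that gets no added line at all. Its neighbours CVE-2016-6622 and CVE-2016-6620 get PMASA-2016-45 and PMASA-2016-43, so the advisory sequence skips 44 exactly there. CVE-2016-6617 and CVE-2016-6608 likewise gain a "[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)" line but no advisory NOTE, where the sequence skips 40 and 31. If upstream advisories exist for these three, add their NOTE lines so every entry carries its reference. If the omission is deliberate, a short NOTE on CVE-2016-6621 saying why would save the next triager from rechecking it.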
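Review bot: In the cracklib2 hunk the reworded NOTE says the SuSE patch is "not a complete fix" but does not say what it leaves unfixed or where that was established, while the new "[wheezy] - cracklib2 <no-dsa> (Minor issue)" line sits directly above it. Add a NOTE pointing at the source of that assessment (bug #835386 or the oss-security thread already referenced in the entry, whichever records it) so that anyone who later backports the patch knows what else is required.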
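Review bot: In the third data/CVE/list hunk, "- mingw32 <removed>" is added beside "- mingw-w64 <unfixed>" and "[jessie] - mingw-w64 <no-dsa> (Minor issue)", yet the same commit adds both mingw-w64 and mingw32 to data/dla-needed.txt with no NOTE. The jessie triage and the wheezy triage for the same entry therefore point in different directions without explanation. Either add a NOTE under the new dla-needed.txt entries naming the issue and stating why wheezy needs an upload, or tag wheezy <no-dsa> here to match jessie. The same applies, more mildly, to the bare eog, mailman and phpmyadmin entries, which unlike the neighbouring mat, matrixssl, openssl and php5 entries give no hint of which issues are outstanding.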