Author: carnil
Date: 2016-09-17 14:43:47 +0000 (Sat, 17 Sep 2016)
New Revision: 44683
Modified: data/CVE/list Log: Sync glibc, file and gdcm from point release Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-17 14:31:40 UTC (rev 44682) +++ data/CVE/list 2016-09-17 14:43:47 UTC (rev 44683) @@ -5441,7 +5441,7 @@ CVE-2016-6323 [Missing unwind information on ARM] RESERVED - glibc 2.24-1 (bug #834752) - [jessie] - glibc <no-dsa> (Minor issue) + [jessie] - glibc 2.19-18+deb8u6 - eglibc <removed> [wheezy] - eglibc <not-affected> (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435 @@ -12164,7 +12164,7 @@ NOTE: https://struts.apache.org/docs/s2-038.html CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...) - glibc 2.22-10 - [jessie] - glibc <no-dsa> (Minor issue) + [jessie] - glibc 2.19-18+deb8u5 - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112 @@ -13616,7 +13616,7 @@ - php7.0 7.0.5-1 - php5 5.6.20+dfsg-1 - file 1:5.24-1 (bug #827377) - [jessie] - file <no-dsa> (Minor issue, magic file needs to be under attacker control) + [jessie] - file 1:5.22+15-2+deb8u2 - hhvm <unfixed> (bug #835032) NOTE: http://bugs.gw.com/view.php?id=522 NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 @@ -14197,7 +14197,7 @@ CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in ...) {DLA-494-1} - glibc 2.22-8 - [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release) + [jessie] - glibc 2.19-18+deb8u5 - eglibc <removed> NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010 CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...) 
@@ -15781,7 +15781,7 @@ CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of the ...) {DLA-494-1} - glibc 2.22-6 - [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release) + [jessie] - glibc 2.19-18+deb8u5 - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879 @@ -22654,7 +22654,7 @@ CVE-2016-1234 (Stack-based buffer overflow in the glob implementation in GNU C ...) {DLA-494-1} - glibc 2.22-8 - [jessie] - glibc <no-dsa> (Minor issue, can be fixed in a point update) + [jessie] - glibc 2.19-18+deb8u5 - eglibc <removed> [wheezy] - eglibc <no-dsa> (Minor issue, can be fixed in a point update) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19779 @@ -26598,14 +26598,14 @@ NOT-FOR-US: Atlassian Confluence CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...) - gdcm 2.6.2-1 - [jessie] - gdcm <no-dsa> (Minor issue) + [jessie] - gdcm 2.4.4-3+deb8u1 [wheezy] - gdcm <not-affected> (Vulnerable code not present) [squeeze] - gdcm <not-affected> (Vulnerable code not present) NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/ NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/ CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer function in ...) - gdcm 2.6.2-1 - [jessie] - gdcm <no-dsa> (Minor issue) + [jessie] - gdcm 2.4.4-3+deb8u1 [wheezy] - gdcm <no-dsa> (Minor issue) [squeeze] - gdcm <not-affected> (Vulnerable code not present) NOTE: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
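Review bot: In the hunk at @@ -5441 (CVE-2016-6323), the new jessie line records 2.19-18+deb8u6, while every other glibc entry touched by this commit records 2.19-18+deb8u5. Please confirm that deb8u6 is the intended fixed version for this entry and not a typo for deb8u5, since the log message describes a single sync from the point release and nothing in the hunk explains the different revision.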
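Review bot: In the hunk at @@ -13616, the replaced jessie line for file drops the remark "magic file needs to be under attacker control" together with the <no-dsa> state. That remark was the only place in the visible part of the entry that recorded the exploitation precondition, so consider keeping it as a NOTE: line next to the existing NOTE: references, where it stays available for triage of the hhvm <unfixed> line that remains.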
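Review bot: In the hunk at @@ -15781 (CVE-2016-3075), the entry carries the {DLA-494-1} tag but the unchanged context line "[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)" is left as is. Since the jessie line is being moved from <no-dsa> to a fixed version here, check whether the wheezy line is still accurate or should be updated in the same commit; the same pattern appears in the hunk at @@ -22654 (CVE-2016-1234).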