Author: carnil
Date: 2016-09-17 14:43:47 +0000 (Sat, 17 Sep 2016)
New Revision: 44683

Modified:
   data/CVE/list
Log:
Sync glibc, file and gdcm from point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-17 14:31:40 UTC (rev 44682)
+++ data/CVE/list       2016-09-17 14:43:47 UTC (rev 44683)
@@ -5441,7 +5441,7 @@
 CVE-2016-6323 [Missing unwind information on ARM]
        RESERVED
        - glibc 2.24-1 (bug #834752)
-       [jessie] - glibc <no-dsa> (Minor issue)
+       [jessie] - glibc 2.19-18+deb8u6
        - eglibc <removed>
        [wheezy] - eglibc <not-affected> (Vulnerable code not present)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435
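Review bot: the new [jessie] line for CVE-2016-6323 records 2.19-18+deb8u6, while every other glibc entry touched in this commit records 2.19-18+deb8u5, and the log describes a single sync from the point release. Please confirm that deb8u6 is the intended fixed version for this entry and, if the two versions come from different uploads, say so in the log message. The entry is also still marked RESERVED, which this change leaves as is.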
@@ -12164,7 +12164,7 @@
        NOTE: https://struts.apache.org/docs/s2-038.html
 CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...)
        - glibc 2.22-10
-       [jessie] - glibc <no-dsa> (Minor issue)
+       [jessie] - glibc 2.19-18+deb8u5
        - eglibc <removed>
        [wheezy] - eglibc <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112
@@ -13616,7 +13616,7 @@
        - php7.0 7.0.5-1
        - php5 5.6.20+dfsg-1
        - file 1:5.24-1 (bug #827377)
-       [jessie] - file <no-dsa> (Minor issue, magic file needs to be under 
attacker control)
+       [jessie] - file 1:5.22+15-2+deb8u2
        - hhvm <unfixed> (bug #835032)
        NOTE: http://bugs.gw.com/view.php?id=522
        NOTE: 
https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
@@ -14197,7 +14197,7 @@
 CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in ...)
        {DLA-494-1}
        - glibc 2.22-8
-       [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release)
+       [jessie] - glibc 2.19-18+deb8u5
        - eglibc <removed>
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
 CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex 
functions ...)
@@ -15781,7 +15781,7 @@
 CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of 
the ...)
        {DLA-494-1}
        - glibc 2.22-6
-       [jessie] - glibc <no-dsa> (Minor issue, can be fixed via point release)
+       [jessie] - glibc 2.19-18+deb8u5
        - eglibc <removed>
        [wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
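Review bot: in the CVE-2016-3075 entry the unchanged [wheezy] line still reads "eglibc <no-dsa> (Minor issue, can be fixed via point release)" although the entry carries {DLA-494-1}. If that DLA shipped the eglibc fix for wheezy, the line should record the fixed version instead of <no-dsa>. The CVE-2016-1234 entry in the next hunk shows the same combination and could be corrected in the same pass.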
@@ -22654,7 +22654,7 @@
 CVE-2016-1234 (Stack-based buffer overflow in the glob implementation in GNU C 
...)
        {DLA-494-1}
        - glibc 2.22-8
-       [jessie] - glibc <no-dsa> (Minor issue, can be fixed in a point update)
+       [jessie] - glibc 2.19-18+deb8u5
        - eglibc <removed>
        [wheezy] - eglibc <no-dsa> (Minor issue, can be fixed in a point update)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19779
@@ -26598,14 +26598,14 @@
        NOT-FOR-US: Atlassian Confluence
 CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...)
        - gdcm 2.6.2-1
-       [jessie] - gdcm <no-dsa> (Minor issue)
+       [jessie] - gdcm 2.4.4-3+deb8u1
        [wheezy] - gdcm <not-affected> (Vulnerable code not present)
        [squeeze] - gdcm <not-affected> (Vulnerable code not present)
        NOTE: 
http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
        NOTE: 
http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
 CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer 
function in ...)
        - gdcm 2.6.2-1
-       [jessie] - gdcm <no-dsa> (Minor issue)
+       [jessie] - gdcm 2.4.4-3+deb8u1
        [wheezy] - gdcm <no-dsa> (Minor issue)
        [squeeze] - gdcm <not-affected> (Vulnerable code not present)
        NOTE: 
http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
