Author: carnil
Date: 2016-09-17 14:55:44 +0000 (Sat, 17 Sep 2016)
New Revision: 44684
Modified: data/CVE/list Log: More fixes from point release synced Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-09-17 14:43:47 UTC (rev 44683) +++ data/CVE/list 2016-09-17 14:55:44 UTC (rev 44684) @@ -4258,6 +4258,7 @@ RESERVED {DSA-3666-1 DLA-624-1} - mariadb-10.0 10.0.27-1 + [jessie] - mariadb-10.0 10.0.27-0+deb8u1 - mysql-5.6 <unfixed> - mysql-5.5 <removed> NOTE: This will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662 @@ -7891,7 +7892,7 @@ - python3.4 3.4.4~rc1-1 [jessie] - python3.4 <no-dsa> (Will be fixed via a point release) - python2.7 2.7.10~rc1-1 - [jessie] - python2.7 <no-dsa> (Will be fixed via a point release) + [jessie] - python2.7 2.7.9-2+deb8u1 NOTE: https://bugs.python.org/issue22928 NOTE: Fixed in 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9 NOTE: Fixed in 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102 @@ -8332,7 +8333,7 @@ - python3.4 <removed> [jessie] - python3.4 <no-dsa> (Will be fixed via a point release) - python2.7 2.7.12~rc1-1 - [jessie] - python2.7 <no-dsa> (Will be fixed via a point release) + [jessie] - python2.7 2.7.9-2+deb8u1 NOTE: https://bugs.python.org/issue26171 CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS ...) NOT-FOR-US: Citrix @@ -12370,7 +12371,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2 CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...) - quassel 1:0.12.4-2 (bug #826402) - [jessie] - quassel <no-dsa> (Minor issue) + [jessie] - quassel 1:0.10.0-2.3+deb8u3 [wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0) NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100 NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0) 
@@ -24061,7 +24062,7 @@ - python3.4 <removed> [jessie] - python3.4 <no-dsa> (Will be fixed via a point release) - python2.7 2.7.12~rc1-1 - [jessie] - python2.7 <no-dsa> (Will be fixed via a point release) + [jessie] - python2.7 2.7.9-2+deb8u1 NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394 NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be TODO: check other versions @@ -24570,7 +24571,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1 CVE-2015-XXXX [remotely triggerable crash] - ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015) - [jessie] - ruby-eventmachine <no-dsa> (Issue can be fixed in point release) + [jessie] - ruby-eventmachine 1.0.3-6+deb8u1 [wheezy] - ruby-eventmachine 0.12.10-3+deb7u1 NOTE: Workaround entry for DLA-549-1 until CVE assigned NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556 @@ -29382,7 +29383,7 @@ [squeeze] - ruby1.9.1 <not-affected> (DL already fixed with CVE-2009-5147, Fiddle does not have vulnerable code) - ruby2.0 <removed> - ruby2.1 <removed> (bug #796344) - [jessie] - ruby2.1 <no-dsa> (Minor issue) + [jessie] - ruby2.1 2.1.5-2+deb8u3 - ruby2.2 2.2.4-1 (bug #796551) NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions 
@@ -44548,7 +44549,7 @@ [wheezy] - ruby1.9.1 <no-dsa> (Minor issue) - ruby2.0 <removed> - ruby2.1 <removed> (bug #796344) - [jessie] - ruby2.1 <no-dsa> (Minor issue) + [jessie] - ruby2.1 2.1.5-2+deb8u3 - ruby2.2 <not-affected> (Does not contain DL, cf note and corresponding CVE-2015-7551) NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b NOTE: Although the is upstream commit mentioned, the corresponding change does not
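Review bot: In the @@ -4258 hunk, the new `[jessie] - mariadb-10.0 10.0.27-0+deb8u1` line is added to an entry that is still RESERVED and whose NOTE says it "will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662". Once the split happens, this jessie version has to be re-checked against each resulting ID, so a short TODO next to the added line would keep that from being missed. The entry also already lists DSA-3666-1, so it is worth confirming that the log message "More fixes from point release synced" describes the origin of this particular version.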
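Review bot: In the three python hunks (@@ -7891, @@ -8332 and @@ -24061), only the python2.7 jessie line receives a fixed version (2.7.9-2+deb8u1); the `[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)` line directly above it is left unchanged in each entry. Both packages carried the same annotation before this commit, so please confirm that python3.4 was not part of the same point release, or update it as well. The @@ -24061 entry also keeps `TODO: check other versions`, which should be resolved or left deliberately now that one jessie version is recorded.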
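Review bot: In the two ruby2.1 hunks (@@ -29382 and @@ -44548), the same fixed version 2.1.5-2+deb8u3 is recorded for both entries while the first one still carries `TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions`. Marking jessie as fixed in both places while that TODO is open risks recording a fix against the wrong ID; either resolve the TODO in this change or state in a NOTE that the upload addresses both records. Separately, the context line "NOTE: Although the is upstream commit mentioned" in the last hunk is garbled and could be corrected in a follow-up.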