Author: carnil
Date: 2016-09-17 14:55:44 +0000 (Sat, 17 Sep 2016)
New Revision: 44684

Modified:
   data/CVE/list
Log:
More fixes from point release synced

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-17 14:43:47 UTC (rev 44683)
+++ data/CVE/list       2016-09-17 14:55:44 UTC (rev 44684)
@@ -4258,6 +4258,7 @@
        RESERVED
        {DSA-3666-1 DLA-624-1}
        - mariadb-10.0 10.0.27-1
+       [jessie] - mariadb-10.0 10.0.27-0+deb8u1
        - mysql-5.6 <unfixed>
        - mysql-5.5 <removed>
        NOTE: This will likely be split by MITRE, unclear what precisely maps 
to CVE-2016-6662
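Review bot: The NOTE kept as context under this entry says the issue will likely be split by MITRE and that the mapping to CVE-2016-6662 is unclear, so the new [jessie] mariadb-10.0 10.0.27-0+deb8u1 line is pinned to an entry whose scope may change. Recheck the jessie fixed version against each resulting CVE once the split happens; mysql-5.6 also still reads <unfixed> here.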
@@ -7891,7 +7892,7 @@
        - python3.4 3.4.4~rc1-1
        [jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
        - python2.7 2.7.10~rc1-1
-       [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+       [jessie] - python2.7 2.7.9-2+deb8u1
        NOTE: https://bugs.python.org/issue22928
        NOTE: Fixed in 3.4 / 3.5: revision 94952: 
https://hg.python.org/cpython/rev/bf3e1c9b80e9
        NOTE: Fixed in 2.7: revision 94951: 
https://hg.python.org/cpython/rev/1c45047c5102
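Review bot: Only the [jessie] python2.7 line is updated to 2.7.9-2+deb8u1; the [jessie] python3.4 line two lines above it still reads <no-dsa> (Will be fixed via a point release). If the python3.4 fix shipped in the same point release, record its version in this commit as well, otherwise the entry stays half-synced.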
@@ -8332,7 +8333,7 @@
        - python3.4 <removed>
        [jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
        - python2.7 2.7.12~rc1-1
-       [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+       [jessie] - python2.7 2.7.9-2+deb8u1
        NOTE: https://bugs.python.org/issue26171
 CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS 
...)
        NOT-FOR-US: Citrix
@@ -12370,7 +12371,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
 CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel 
before ...)
        - quassel 1:0.12.4-2 (bug #826402)
-       [jessie] - quassel <no-dsa> (Minor issue)
+       [jessie] - quassel 1:0.10.0-2.3+deb8u3
        [wheezy] - quassel <not-affected> (Vulnerable code introduced with 
0.10.0)
        NOTE: 
https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
        NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 
(0.10.0)
@@ -24061,7 +24062,7 @@
        - python3.4 <removed>
        [jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
        - python2.7 2.7.12~rc1-1
-       [jessie] - python2.7 <no-dsa> (Will be fixed via a point release)
+       [jessie] - python2.7 2.7.9-2+deb8u1
        NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394
        NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be
        TODO: check other versions
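Review bot: The "TODO: check other versions" line stays in place after the [jessie] python2.7 line is marked fixed in 2.7.9-2+deb8u1, and [jessie] python3.4 still reads <no-dsa>. Either resolve the TODO with this sync or narrow it to name the versions that remain unchecked.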
@@ -24570,7 +24571,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
 CVE-2015-XXXX [remotely triggerable crash]
        - ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
-       [jessie] - ruby-eventmachine <no-dsa> (Issue can be fixed in point 
release)
+       [jessie] - ruby-eventmachine 1.0.3-6+deb8u1
        [wheezy] - ruby-eventmachine 0.12.10-3+deb7u1
        NOTE: Workaround entry for DLA-549-1 until CVE assigned
        NOTE: 
https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
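Review bot: The fixed version 1.0.3-6+deb8u1 is being recorded under the CVE-2015-XXXX placeholder, which the NOTE describes as a workaround entry for DLA-549-1 until a CVE is assigned. Worth a follow-up so the jessie and wheezy fixed versions move with the entry when it gets a real id.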
@@ -29382,7 +29383,7 @@
        [squeeze] - ruby1.9.1 <not-affected> (DL already fixed with 
CVE-2009-5147, Fiddle does not have vulnerable code)
        - ruby2.0 <removed>
        - ruby2.1 <removed> (bug #796344)
-       [jessie] - ruby2.1 <no-dsa> (Minor issue)
+       [jessie] - ruby2.1 2.1.5-2+deb8u3
        - ruby2.2 2.2.4-1 (bug #796551)
        NOTE: 
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
        TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since 
affects multiple ruby versions
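Review bot: The [jessie] ruby2.1 line is marked fixed in 2.1.5-2+deb8u3 while the TODO below it still asks to check the correctness of the CVE-2009-5147/CVE-2015-7551 record. Confirm that the deb8u3 upload covers this specific entry, and drop or update the TODO if that check has been done.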
@@ -44548,7 +44549,7 @@
        [wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
        - ruby2.0 <removed>
        - ruby2.1 <removed> (bug #796344)
-       [jessie] - ruby2.1 <no-dsa> (Minor issue)
+       [jessie] - ruby2.1 2.1.5-2+deb8u3
        - ruby2.2 <not-affected> (Does not contain DL, cf note and 
corresponding CVE-2015-7551)
        NOTE: 
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
        NOTE: Although the is upstream commit mentioned, the corresponding 
change does not


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
