[Secure-testing-commits] r44685 - data/CVE

Salvatore Bonaccorso Sat, 17 Sep 2016 08:05:05 -0700

Author: carnil
Date: 2016-09-17 15:04:29 +0000 (Sat, 17 Sep 2016)
New Revision: 44685


Modified:
   data/CVE/list
Log:
Sync remaining package from point release

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-09-17 14:55:44 UTC (rev 44684)
+++ data/CVE/list       2016-09-17 15:04:29 UTC (rev 44685)
@@ -6523,14 +6523,14 @@
        RESERVED
        {DLA-544-1}
        - tcpreplay 3.4.4-3 (bug #829350)
-       [jessie] - tcpreplay <no-dsa> (Minor issue; will be addressed via point 
release)
+       [jessie] - tcpreplay 3.4.4-2+deb8u1
 CVE-2016-6133
        RESERVED
 CVE-2016-6153 [SQLite Tempdir Selection Vulnerability]
        RESERVED
        {DLA-543-1}
        - sqlite3 3.13.0-1
-       [jessie] - sqlite3 <no-dsa> (Minor issue, can be fixed via pu)
+       [jessie] - sqlite3 3.8.7.1-1+deb8u2
        NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
        NOTE: http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
        NOTE: and possibly http://www.sqlite.org/cgi/src/info/614bb709d34e1148
@@ -8547,7 +8547,7 @@
 CVE-2016-1000108
        RESERVED
        - yaws 2.0.3-2 (bug #832433)
-       [jessie] - yaws <no-dsa> (Minor issue, can be fixed via point release)
+       [jessie] - yaws 1.98-4+deb8u1
        [wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future 
DSA)
        NOTE: 
https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
 CVE-2016-1000104
@@ -10299,7 +10299,7 @@
 CVE-2016-4971 (GNU wget before 1.18 allows remote servers to write to 
arbitrary files ...)
        {DLA-536-1}
        - wget 1.18-1 (bug #827003)
-       [jessie] - wget <no-dsa> (Minor issue)
+       [jessie] - wget 1.16-1+deb8u1
        NOTE: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
        NOTE: 
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1
 (v1.18)
 CVE-2016-4970 [nfinite loop vulnerability when handling renegotiation using 
SslProvider.OpenSsl]
@@ -12220,12 +12220,12 @@
 CVE-2016-4477 (wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r 
characters ...)
        {DLA-473-1}
        - wpa 2.3-2.4 (bug #823411)
-       [jessie] - wpa <no-dsa> (Minor issue; update_config=1 not default; can 
be fixed future DSA or point release)
+       [jessie] - wpa 2.3-1+deb8u4
        NOTE: http://w1.fi/security/2016-1/
 CVE-2016-4476 (hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 
do not ...)
        {DLA-473-1}
        - wpa 2.3-2.4 (bug #823411)
-       [jessie] - wpa <no-dsa> (Minor issue; update_config=1 not default; can 
be fixed future DSA or point release)
+       [jessie] - wpa 2.3-1+deb8u4
        NOTE: http://w1.fi/security/2016-1/
 CVE-2016-4413
        RESERVED
@@ -12403,7 +12403,7 @@
 CVE-2016-4338 [zabbix-agent: mysql.size shell command injection]
        RESERVED
        - zabbix 1:3.0.3+dfsg-1 (bug #823329)
-       [jessie] - zabbix <no-dsa> (Minor issue)
+       [jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1
        NOTE: http://seclists.org/bugtraq/2016/May/11
        NOTE: https://support.zabbix.com/browse/ZBX-10741
 CVE-2016-4337
@@ -31677,9 +31677,9 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
 CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in 
...)
        {DLA-317-1}
-       [jessie] - vorbis-tools <no-dsa> (Minor issue)
+       - vorbis-tools 1.4.0-7 (bug #797461)
+       [jessie] - vorbis-tools 1.4.0-6+deb8u1
        [wheezy] - vorbis-tools <no-dsa> (Minor issue)
-       - vorbis-tools 1.4.0-7 (bug #797461)
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
        NOTE: https://trac.xiph.org/ticket/2212
 CVE-2015-6741
@@ -48293,6 +48293,7 @@
 CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a 
denial ...)
        {DLA-317-1}
        - vorbis-tools 1.4.0-7 (unimportant; bug #776086)
+       [jessie] - vorbis-tools 1.4.0-6+deb8u1
        - opus-tools <unfixed> (unimportant; bug #780160)
        NOTE: https://trac.xiph.org/ticket/2137
        NOTE: Fixed by: 
https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
@@ -48301,7 +48302,7 @@
 CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote 
...)
        {DLA-317-1}
        - vorbis-tools 1.4.0-7 (low; bug #776086)
-       [jessie] - vorbis-tools <no-dsa> (Minor issue)
+       [jessie] - vorbis-tools 1.4.0-6+deb8u1
        [wheezy] - vorbis-tools <no-dsa> (Minor issue)
        [squeeze] - vorbis-tools <no-dsa> (Minor issue)
        - opus-tools <unfixed> (bug #780160)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r44685 - data/CVE

Reply via email to