Author: jmm
Date: 2017-02-13 13:39:03 +0000 (Mon, 13 Feb 2017)
New Revision: 48878

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
libmysqlclient.so issue CVEfied
NFUs
add vim


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-13 12:08:00 UTC (rev 48877)
+++ data/CVE/list       2017-02-13 13:39:03 UTC (rev 48878)
@@ -22,15 +22,15 @@
 CVE-2017-5965
        RESERVED
 CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US:  Emoncms
 CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The 
...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 
0.4.2. The ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: ionize
 CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Phalcon Eye
 CVE-2017-XXXX [use-after-free in fz_subsample_pixmap (pixmap.c)]
        - mupdf <unfixed>
        NOTE: Fix 
http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
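
Review bot: The CVE-2017-5964 line reads "NOT-FOR-US:  Emoncms" with two spaces after the colon, while the other four NOT-FOR-US lines added in this hunk use one; normalise it to a single space so text matching on the tag stays uniform. The two extension entries are tagged "Typo3 extension" although the CVE descriptions beside them spell the product "TYPO3"; matching the description's spelling would keep searches for the product name consistent across the list.
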
@@ -1092,17 +1092,6 @@
        NOTE: Upstream report: https://launchpad.net/bugs/1651728
        NOTE: Upstream fix: 
https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
        NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/8
-CVE-2017-XXXX [use after free in libmysqlclient.so]
-       - mariadb-10.1 <undetermined>
-       - mariadb-10.0 <undetermined>
-       - mysql-5.7 <not-affected> (Fixed before initial release in Debian)
-       - mysql-5.6 <not-affected> (Fixed before initial release in Debian)
-       - mysql-5.5 <removed> (bug #854713)
-       NOTE: Fixed by: 
https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
-       NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
-       NOTE: https://bugs.mysql.com/bug.php?id=70429
-       NOTE: https://bugs.mysql.com/bug.php?id=63363
-       NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2017/01/28/1
 CVE-2017-5899 [s-nail local root privilege escalation]
        RESERVED
        - s-nail 14.8.16-1 (bug #852934)
@@ -7342,7 +7331,16 @@
 CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle 
E-Business ...)
        NOT-FOR-US: Oracle
 CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 
5.7.x ...)
-       TODO: check
+       - mariadb-10.1 <undetermined>
+       - mariadb-10.0 <undetermined>
+       - mysql-5.7 <not-affected> (Fixed before initial release in Debian)
+       - mysql-5.6 <not-affected> (Fixed before initial release in Debian)
+       - mysql-5.5 <removed> (bug #854713)
+       NOTE: Fixed by: 
https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
+       NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
+       NOTE: https://bugs.mysql.com/bug.php?id=70429
+       NOTE: https://bugs.mysql.com/bug.php?id=63363
+       NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
 CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems 
Products ...)
        NOT-FOR-US: Solaris
 CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools 
component of ...)
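
Review bot: Both mariadb-10.1 and mariadb-10.0 are carried over as <undetermined> under CVE-2017-3302 with no line saying what still has to be checked, and the "TODO: check" marker is removed in the same change, so nothing in the entry flags the open question any more. Consider keeping a TODO line that names the MariaDB check (for example, whether the referenced mysql-server commit 4797ea0b772d has an equivalent there). The oss-security link also loses its "CVE Request:" label in the move; that is fine now that an id is assigned, but mention it in the log if it was intentional.
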

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2017-02-13 12:08:00 UTC (rev 48877)
+++ data/dsa-needed.txt 2017-02-13 13:39:03 UTC (rev 48878)
@@ -37,6 +37,8 @@
 --
 spip
 --
+vim
+--
 xen
 --
 zabbix (jmm)
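
Review bot: The new "vim" entry carries no hint of which issue makes a DSA necessary, and nothing in the data/CVE/list part of this commit touches a vim entry; the log only says "add vim". A reference to the relevant CVE id or bug in the log message would let whoever picks the entry up find the issue without searching. Unlike "zabbix (jmm)" just below, the entry is also unclaimed, which is fine if it is meant to be open for anyone to take.
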


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
