author | Moritz Muehlenhoff <jmm@debian.org> | 2016-06-28 17:44:56 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2016-06-28 17:44:56 +0000 |
commit | 17228323e4a5ae2b9310d1e871bdbf0764bd87c8 (patch) | |
tree | 8f2e4207468118f01fb64ad0d2de0f50f09c90f1 | |
parent | f7682301aeca2acf5d6b13a07250ace2270f1c4c (diff) |
iperf, mat, libjgroups-java no-dsa
new libreoffice issue
nodejs unimportant
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@42852 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2005.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 743f6e1844..15e1f933fd 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -254,7 +254,7 @@ CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...) NOT-FOR-US: Solaris CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...) - - xview <unfixed> (unimportant) + - xview <not-affected> (xview on Solaris) NOTE: Is only relevant for suid binaries, but xview is not really suitable for NOTE: those anyway. Exact information is not available, but a similar problem NOTE: is already fixed in the Debian package. diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 40dbaed637..d09d224afc 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1517,6 +1517,7 @@ CVE-2016-5235 RESERVED CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs] - mat <unfixed> (bug #826101) + [jessie] - mat <no-dsa> (Documented short-coming, can possibly be fixed by migrating to new upstream release) NOTE: https://labs.riseup.net/code/issues/11067 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5 CVE-2016-5239 [ImageMagick, GraphicsMagick: Gnuplot delegate vulnerability allowing command injection] @@ -4117,6 +4118,8 @@ CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have NOT-FOR-US: Lantronix xPrintServer CVE-2016-4324 RESERVED + - libreoffice <unfixed> + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/ CVE-2016-4323 [MXIT Splash Image Arbitrary File Overwrite Vulnerability] RESERVED - pidgin 2.11.0-1 
@@ -4164,6 +4167,7 @@ CVE-2016-4304 CVE-2016-4303 [JSON parsing vulnerability] RESERVED - iperf3 3.1.3-1 (bug #827116) + [jessie] - iperf3 <no-dsa> (Minor issue) NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x) NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/ @@ -10203,7 +10207,8 @@ CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions NOT-FOR-US: OpenShift CVE-2016-2141 RESERVED - - libjgroups-java <unfixed> + - libjgroups-java <unfixed> (low) + [jessie] - libjgroups-java <no-dsa> (Minor issue) CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) ...) - nova <unfixed> [wheezy] - nova <no-dsa> (Minor issue) @@ -11844,7 +11849,7 @@ CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, - chromium-browser 51.0.2704.63-1 [wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy) - libv8 <unfixed> (unimportant) - - nodejs 4.4.6~dfsg-1 + - nodejs 4.4.6~dfsg-1 (unimportant) NOTE: libv8 not covered by security support CVE-2016-1668 (The forEachForBinding function in ...) {DSA-3590-1} |
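Review bot: In the data/CVE/2005.list hunk, the CVE-2005-4796 change from `<unfixed> (unimportant)` to `<not-affected> (xview on Solaris)` is not mentioned in the commit message, and the three NOTE lines kept as context still say "a similar problem is already fixed in the Debian package", which sits awkwardly next to a not-affected status. Mention the xview change in the commit message and reword or drop those NOTEs so they agree with the new status.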
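Review bot: The CVE-2016-4324 entry touched in the data/CVE/2016.list hunk at -4117 still has no bracketed short description, while the next RESERVED entry, CVE-2016-4323, carries one. Add a description taken from the linked LibreOffice advisory so the entry can be triaged without following the NOTE URL, and add a bug reference once one is filed, as the mat entry has with `(bug #826101)`.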
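Review bot: In the hunk at -10203, CVE-2016-2141 gains `(low)` and a jessie `<no-dsa> (Minor issue)`, but the entry is still RESERVED with no description and no NOTE, so nothing in the file supports the rating. Add a NOTE with the reference the assessment was based on, so a later reader can re-check it when the CVE description is published.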
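Review bot: In the CVE-2016-1669 hunk at -11844, `nodejs 4.4.6~dfsg-1 (unimportant)` has no stated reason: the only NOTE under the entry, "libv8 not covered by security support", names libv8 and not nodejs. Add a NOTE giving the reason for nodejs, or extend the existing one to cover both packages if the same reasoning applies.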