author | Salvatore Bonaccorso <carnil@debian.org> | 2014-04-26 11:15:31 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2014-04-26 11:15:31 +0000 |
commit | 7138aff58e7503e146404259796a1b66a06d396f (patch) | |
tree | f65d7c55c23294e4ce715cad00d4e05d6c09a268 /data/CVE | |
parent | f0eba0203640b361f4d203ccbf178c7e20becb35 (diff) |
Add fixed version from Wheezy 7.5 point release
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26713 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2003.list | 2 |
-rw-r--r-- | data/CVE/2004.list | 4 |
-rw-r--r-- | data/CVE/2006.list | 2 |
-rw-r--r-- | data/CVE/2012.list | 6 |
-rw-r--r-- | data/CVE/2013.list | 18 |
-rw-r--r-- | data/CVE/2014.list | 28 |
6 files changed, 38 insertions, 22 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list index bdaa5f80de..bb4586c631 100644 --- a/data/CVE/2003.list +++ b/data/CVE/2003.list @@ -2153,7 +2153,7 @@ CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard link CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...) - mpg123 0.59r-1 - mp3gain 1.5.2-r2-6 (low) - [wheezy] - mp3gain <no-dsa> (Minor issue) + [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...) NOT-FOR-US: IRIX diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 913f054f6a..5358f2d2db 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -3842,7 +3842,7 @@ CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ... CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...) - mpg123 0.59r-19 - mp3gain 1.5.2-r2-6 (low) - [wheezy] - mp3gain <no-dsa> (Minor issue) + [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...) {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1} @@ -4328,7 +4328,7 @@ CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0 {DSA-564-1} - mpg123 0.59r-16 - mp3gain 1.5.2-r2-6 (low) - [wheezy] - mp3gain <no-dsa> (Minor issue) + [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...) {DSA-567-1} diff --git a/data/CVE/2006.list b/data/CVE/2006.list index 33214e6a4e..435cb330a1 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list 
@@ -12670,7 +12670,7 @@ CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ... {DSA-1074-1} - mpg123 0.59r-22 (bug #361863) - mp3gain 1.5.2-r2-6 (low) - [wheezy] - mp3gain <no-dsa> (Minor issue) + [wheezy] - mp3gain 1.5.2-r2-2+deb7u1 [squeeze] - mp3gain <no-dsa> (Minor issue) CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...) NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox diff --git a/data/CVE/2012.list b/data/CVE/2012.list index c2191d37dd..a4f6cc7069 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1102,7 +1102,7 @@ CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle NOTE: Upstream patch: http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/ CVE-2012-6150 (The winbind_name_list_to_sid_string_list function in ...) - samba 2:4.0.13+dfsg-1 (low) - [wheezy] - samba <no-dsa> (Can be fixed along in a future DSA) + [wheezy] - samba 2:3.6.6-6+deb7u3 [squeeze] - samba <no-dsa> (Can be fixed along in a future DSA) - samba4 <not-affected> (Samba 4 winbind does not implement this feature) NOTE: introduced http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392 @@ -1359,7 +1359,7 @@ CVE-2012-6083 RESERVED - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv <no-dsa> (Minor issue) - [wheezy] - freeciv <no-dsa> (Minor issue) + [wheezy] - freeciv 2.3.2-1+deb7u1 CVE-2012-6082 (Cross-site scripting (XSS) vulnerability in the rsslink function in ...) {DSA-2593-1} - moin 1.9.5-2 @@ -2450,7 +2450,7 @@ CVE-2012-5645 RESERVED - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv <no-dsa> (Minor issue) - [wheezy] - freeciv <no-dsa> (Minor issue) + [wheezy] - freeciv 2.3.2-1+deb7u1 CVE-2012-5644 [(Complete) Information disclosure when moving user's home directory] RESERVED - libuser <unfixed> (low; bug #705690) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 1f295b1433..49660d4d77 100644 
--- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -84,6 +84,7 @@ CVE-2013-7341 (Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel ...) {DSA-2906-1} - linux 3.13-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0 CVE-2013-7336 [libvirt: unprivileged user can crash libvirtd during spice migration] @@ -2520,7 +2521,7 @@ CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x b [squeeze] - samba <not-affected> (Only affects 4.x and later) [wheezy] - samba <not-affected> (Only affects 4.x and later) - samba4 <removed> - [wheezy] - samba4 <no-dsa> (Minor issue) + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 NOTE: http://www.samba.org/samba/security/CVE-2013-6442 CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...) - lxc <unfixed> (unimportant) @@ -2673,7 +2674,7 @@ CVE-2013-6405 REJECTED CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not ...) - quassel 0.9.2-1 (low) - [wheezy] - quassel <no-dsa> (Minor issue) + [wheezy] - quassel 0.8.0-1+deb7u1 [squeeze] - quassel <no-dsa> (Minor issue) NOTE: https://github.com/quassel/quassel/commit/a1a24da CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to ...) 
@@ -7278,10 +7279,10 @@ CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, a NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7 CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 ...) - samba 2:4.1.6+dfsg-1 (low) - [wheezy] - samba <no-dsa> (Minor issue) + [wheezy] - samba 2:3.6.6-6+deb7u3 [squeeze] - samba <no-dsa> (Minor issue) - samba4 <removed> - [wheezy] - samba4 <no-dsa> (Minor issue) + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 NOTE: http://www.samba.org/samba/security/CVE-2013-4496 CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale ...) {DSA-2796-1} @@ -7328,6 +7329,7 @@ CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of NOTE: https://www.varnish-cache.org/trac/ticket/1367 CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...) - linux 3.11.8-1 (low) + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> (low) [squeeze] - linux-2.6 <no-dsa> (Minor issue, too intrusive to backport) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8 @@ -7355,11 +7357,12 @@ CVE-2013-4476 (Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HT [wheezy] - samba <not-affected> (Doesn't provide AD functionality) [squeeze] - samba <not-affected> (Doesn't provide AD functionality) - samba4 <removed> (low) + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 CVE-2013-4475 (Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, ...) {DSA-2812-1} - samba 2:4.0.11+dfsg-1 (low) - samba4 <removed> (low) - [wheezy] - samba4 <no-dsa> (Minor issue) + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 CVE-2013-4474 (Format string vulnerability in the extractPages function in ...) - poppler 0.18.4-9 (low; bug #729064) [squeeze] - poppler <not-affected> (pdfseparate not yet present) 
@@ -7579,6 +7582,7 @@ CVE-2013-4408 (Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done . {DSA-2812-1} - samba 2:4.0.13+dfsg-1 - samba4 <removed> + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 CVE-2013-4407 (HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module ...) {DSA-2801-1} - libhttp-body-perl 1.17-2 (bug #721634) @@ -8425,7 +8429,7 @@ CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly [squeeze] - lcms <no-dsa> (Minor issue) [wheezy] - lcms <no-dsa> (Minor issue) - lcms2 2.2+git20110628-2.3 (bug #714529) - [wheezy] - lcms2 <no-dsa> (Minor issue) + [wheezy] - lcms2 2.2+git20110628-2.2+deb7u1 NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9 NOTE: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9 CVE-2013-4159 @@ -8558,7 +8562,7 @@ CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans. [wheezy] - samba 2:3.6.6-6+deb7u1 [squeeze] - samba 2:3.5.6~dfsg-3squeeze10 - samba4 <unfixed> (low) - [wheezy] - samba4 <no-dsa> (Minor issue) + [wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1 NOTE: https://www.samba.org/samba/security/CVE-2013-4124 NOTE: samba as per 2:4.0.9+dfsg-2 is the first upload of the unified samba 4.x package to unstable. NOTE: Issue also fixed in 4.0.8 upstream, thus the fix still contained in 4.x in unstable diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 24d7348bff..3b3077690d 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -705,6 +705,7 @@ CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remot NOTE: fixed in 1.0.51, pending in git http://anonscm.debian.org/gitweb/?p=printing/cups-filters.git;a=commitdiff;h=e7293d18836d90815277a7efb410275b9baa27c7 CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before ...) - linux 3.13.7-1 (low) + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> (low) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba CVE-2014-2686 @@ -767,6 +768,7 @@ CVE-2014-2681 [zendframework ZF2014-01] NOTE: http://framework.zend.com/security/advisory/ZF2014-01 CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel ...) - linux 3.13.10-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://lkml.org/lkml/2014/3/29/188 CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) ...) @@ -777,6 +779,7 @@ CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM NOTE: only affects powerpc architecture CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in ...) - linux 3.13.7-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8 CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...) @@ -1177,6 +1180,7 @@ CVE-2014-2524 [Insecure usage of temporary files] CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through ...) {DSA-2906-1} - linux 3.13.10-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and ...) 
@@ -1703,12 +1707,13 @@ CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nf NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel ...) - linux 3.13.6-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <not-affected> (Introduced in v3.0) NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0 NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39 CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers ...) - net-snmp 5.7.2~dfsg-3 (bug #684388) - [wheezy] - net-snmp <no-dsa> (Minor issue) + [wheezy] - net-snmp 5.4.3~dfsg-2.8 [squeeze] - net-snmp <no-dsa> (Minor issue) NOTE: http://sourceforge.net/p/net-snmp/patches/1113/ CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in ...) 
@@ -2155,19 +2160,19 @@ CVE-2014-2206 (Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish <no-dsa> (Minor issue) - [wheezy] - catfish <no-dsa> (Minor issue) + [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish <no-dsa> (Minor issue) - [wheezy] - catfish <no-dsa> (Minor issue) + [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, when a ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish <no-dsa> (Minor issue) - [wheezy] - catfish <no-dsa> (Minor issue) + [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish <no-dsa> (Minor issue) - [wheezy] - catfish <no-dsa> (Minor issue) + [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2086 RESERVED CVE-2014-2085 @@ -2276,7 +2281,7 @@ CVE-2014-2053 RESERVED - owncloud 6.0.2+dfsg-1 - php-getid3 1.9.7-2 - [wheezy] - php-getid3 <no-dsa> (Minor issue) + [wheezy] - php-getid3 1.9.3-1+deb7u1 [squeeze] - php-getid3 <not-affected> (Vulnerable code not present) NOTE: owncloud advisory does not mention details for GetID3 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ @@ -2490,6 +2495,7 @@ CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use th CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the ...) {DSA-2906-1} - linux 3.13.5-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0 CVE-2014-2037 [incomplete fix for CVE-2013-6466 DoS in openSwan] 
@@ -2829,6 +2835,7 @@ CVE-2014-1875 [insecure use of /tmp] CVE-2014-1874 (The security_context_to_sid_core function in ...) {DSA-2906-1} - linux 3.13.4-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2 CVE-2014-1860 [PHP object insertion] @@ -2842,7 +2849,7 @@ CVE-2014-1832 [incomplete fix of CVE-2014-1831] CVE-2014-1831 [insecure use of /tmp] RESERVED - ruby-passenger 4.0.37-1 (low; bug #736958) - [wheezy] - ruby-passenger <no-dsa> (low; bug #736958) + [wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958) - passenger <removed> [squeeze] - passenger <no-dsa> (minor issue) CVE-2014-1845 [hardening to the defaults] @@ -6320,6 +6327,7 @@ CVE-2014-0132 (The SASL authentication functionality in 389 Directory Server bef - 389-ds-base 1.3.2.9-1.1 (bug #741600) CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in ...) - linux 3.13.6-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2 CVE-2014-0130 @@ -6415,6 +6423,7 @@ CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyri CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the ...) {DSA-2906-1} - linux 3.13.6-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <removed> NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e NOTE: http://patchwork.ozlabs.org/patch/325898/ 
@@ -6497,6 +6506,7 @@ CVE-2014-0078 RESERVED CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...) - linux 3.13.10-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923 NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600 @@ -6521,6 +6531,7 @@ CVE-2014-0070 REJECTED CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel ...) - linux 3.13.6-1 (bug #741958) + [wheezy] - linux 3.2.57-1 - linux-2.6 <not-affected> (Only affects 2.6.38 and later) NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401 NOTE: upstream fix 5d81de8e8667da7135d3a32a964087c0faf5483f included in v3.14-rc4 @@ -6589,6 +6600,7 @@ CVE-2014-0056 [Routers can be cross plugged by other tenants] - neutron 2013.2.2-4 (bug #742800) CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...) - linux 3.13.10-1 + [wheezy] - linux 3.2.57-1 - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923 NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600 @@ -6662,7 +6674,7 @@ CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in ...) - subversion 1.8.8-1 (low; bug #737815) [squeeze] - subversion <no-dsa> (Minor issue) - [wheezy] - subversion <no-dsa> (Minor issue) + [wheezy] - subversion 1.6.17dfsg-4+deb7u5 CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache ...) NOT-FOR-US: Apache CloudStack CVE-2014-0030 |
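Review bot: In the CVE-2013-4124 hunk of data/CVE/2013.list, the unchanged line directly above the edited one still reads "- samba4 <unfixed> (low)", while every other samba4 entry touched by this patch (CVE-2013-6442, CVE-2013-4496, CVE-2013-4476, CVE-2013-4475, CVE-2013-4408) records "- samba4 <removed>". Now that the wheezy line carries a fixed version, that leftover "<unfixed>" is the only thing keeping the samba4 source package open for this CVE; consider switching it to "<removed>" in the same commit, or add a NOTE saying why it differs.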
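Review bot: In the CVE-2014-2310 hunk of data/CVE/2014.list, the wheezy version "5.4.3~dfsg-2.8" carries no "+deb7uN" suffix, unlike every other non-kernel wheezy version added in this patch (for example "0.3.2-2+deb7u1" for catfish or "1.6.17dfsg-4+deb7u5" for subversion). Please confirm that this is the exact version string of the upload shipped in the point release, since a wrong value here would mark wheezy as fixed or vulnerable incorrectly.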
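Review bot: In the CVE-2014-1831 hunk of data/CVE/2014.list, the new wheezy line keeps the trailing "(low; bug #736958)" that the old "<no-dsa>" line carried, whereas the other wheezy lines this patch converts to a fixed version (freeciv, catfish, php-getid3, subversion) drop their parenthetical. The urgency and bug number are already recorded on the unstable entry "- ruby-passenger 4.0.37-1 (low; bug #736958)" directly above, so for consistency the line could read "[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2".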