author Emilio Pozuelo Monfort <pochu@debian.org> 2020-11-05 13:38:43 +0100
committer Emilio Pozuelo Monfort <pochu@debian.org> 2020-11-05 13:52:05 +0100
commit b3cecbb890c4c60320ed32b0ac60786d4929effb
tree 20d7cb3cd9b8767650155b5e41835f4608b5877c /data
parent 6675dba6daedb3768f5e7a6c3d8574e7372c900a
CVE/list: sort release entries after their package entry
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2013.list 3
-rw-r--r-- data/CVE/2014.list 21
-rw-r--r-- data/CVE/2015.list 23
-rw-r--r-- data/CVE/2016.list 46
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2020.list 2
6 files changed, 50 insertions, 49 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index e78d112e96..1b421eb2b2 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -153,7 +153,6 @@ CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
- [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
- linux-2.6 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...)
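Review bot: The `[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)` line under CVE-2013-7445 is deleted outright, not reordered: no `+` line in this hunk re-adds it, and the visible context shows no `- linux-4.9` package entry for it to follow. The subject only announces sorting, so please state in the commit message why this release entry is dropped, or move the removal into its own commit so the status change for jessie is visible in the history.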
@@ -280,8 +279,8 @@ CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
{DLA-165-1}
- glibc 2.19-1 (bug #722075)
- [wheezy] - eglibc 2.13-38+deb7u5
- eglibc <removed>
+ [wheezy] - eglibc 2.13-38+deb7u5
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 50660e1262..208226dd9d 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1771,8 +1771,8 @@ CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka g
{DLA-411-1}
- glibc 2.23-1 (bug #813187)
[jessie] - glibc <no-dsa> (Minor issue)
- [wheezy] - eglibc <no-dsa> (Minor issue)
- eglibc <removed>
+ [wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
@@ -4630,11 +4630,11 @@ CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8
{DSA-3316-1 DSA-3235-1}
- openjdk-8 8u45-b14-1 (high)
- openjdk-7 7u79-2.5.5-1 (high)
+ [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
+ [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
- openjdk-6 <removed> (high)
- [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
[wheezy] - openjdk-6 <not-affected> (MIME type setting is harmless on wheezy)
- [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
- [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
+ [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
NOTE: Starting with mime-support 3.53, MimeType entries in desktop
NOTE: files end up in /etc/mailcap, which introduces the user-initiated
NOTE: code execution.
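Review bot: The relocated `[squeeze] - openjdk-7` line in the CVE-2014-8873 block still reads "MIME type setting is harmless on this squeeze", while the openjdk-6 line beside it says "harmless on squeeze". The stray "this" is carried over unchanged by the move; consider cleaning it up in a follow-up so the two notes match.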
@@ -5187,6 +5187,7 @@ CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining
CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...)
- kde-runtime 4:4.14.2-2 (bug #769632)
[wheezy] - kde-runtime <no-dsa> (Minor issue)
+ - kdebase-runtime <removed>
[squeeze] - kdebase-runtime <no-dsa> (Minor issue)
- webkitkde 1.3.4-2 (unimportant)
NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689
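Review bot: The added `- kdebase-runtime <removed>` line under CVE-2014-8600 is a new package entry with no corresponding `-` line, so this hunk changes tracker data instead of only reordering it. It looks like it was added so that `[squeeze] - kdebase-runtime <no-dsa>` has a package entry to sort after; please say so in the commit message, and confirm that `<removed>` is the intended state for the unstable entry.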
@@ -6039,8 +6040,8 @@ CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validatio
CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
{DLA-452-1}
- smarty3 3.1.21-1 (bug #765920)
- - smarty <not-affected> (Only affects 3.x series)
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ - smarty <not-affected> (Only affects 3.x series)
NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch
CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...)
- systemd-shim 8-4
@@ -10371,9 +10372,9 @@ CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Dat
NOT-FOR-US: Oracle
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
- virtualbox-guest-additions <removed>
+ [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
- virtualbox-guest-additions-iso 4.3.14-1
[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
- [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
NOT-FOR-US: Oracle E-Business Suite
@@ -16737,10 +16738,10 @@ CVE-2014-3874
RESERVED
CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...)
- kfreebsd-8 <removed>
- - kfreebsd-9 <removed> (bug #750493)
+ [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ - kfreebsd-9 <removed> (bug #750493)
[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
- [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...)
NOT-FOR-US: D-Link firmware
CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...)
@@ -17150,9 +17151,9 @@ CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor
CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...)
{DSA-3067-1 DSA-3066-1}
- qemu 2.1+dfsg-6 (bug #765496)
+ [squeeze] - qemu <end-of-life>
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- [squeeze] - qemu <end-of-life>
NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...)
@@ -17317,9 +17318,9 @@ CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder
CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.1+dfsg-5 (bug #762532)
+ [squeeze] - qemu <end-of-life>
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- [squeeze] - qemu <end-of-life>
NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
{DSA-3026-1 DLA-87-1}
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 0e26a1a376..ca66e0b313 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -4556,8 +4556,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.
{DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
- linux 4.2.6-2
- linux-2.6 <removed>
- - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
+ - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218
@@ -5017,8 +5017,8 @@ CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 d
CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...)
- glibc 2.21-1 (bug #803927)
[jessie] - glibc 2.19-18+deb8u2
- [wheezy] - eglibc 2.13-38+deb7u9
- eglibc <removed>
+ [wheezy] - eglibc 2.13-38+deb7u9
[squeeze] - eglibc 2.11.3-4+deb6u8
NOTE: workaround entry for DLA-350-1 until/if CVE assigned
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009
@@ -8020,8 +8020,8 @@ CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs)
CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
{DSA-3362-1 DSA-3361-1}
- qemu 1:2.4+dfsg-2
- - qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
+ - qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/1
NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
@@ -12129,8 +12129,8 @@ CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.
{DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
- linux 4.2.6-1
- linux-2.6 <removed>
- - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
+ - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
- virtualbox 5.0.10-dfsg-1
@@ -14509,23 +14509,23 @@ CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp
CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38 ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in Mozil ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before 40 ...)
- libvpx 1.4.0-1
@@ -14588,9 +14588,9 @@ CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Moz
CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4466
RESERVED
@@ -18110,12 +18110,13 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows
{DSA-3286-1 DSA-3285-1 DSA-3284-1}
- qemu 1:2.3+dfsg-6 (bug #788460)
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
+ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
+ [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
+ - xen-qemu-dm-4.0 <removed>
[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
- [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-135.html
CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
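Review bot: The `- xen-qemu-dm-4.0 <removed>` line added under CVE-2015-3209 has no matching removal in this hunk, so it introduces a new package entry in a commit described as a sort. The other moves here (the `[squeeze]` lines for qemu and qemu-kvm) are pure reorders; please mention the new entry in the commit message or split it out, since it changes what the tracker records for that source package.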
@@ -21201,10 +21202,10 @@ CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x befor
- netty 1:4.0.31-1 (bug #796114)
[jessie] - netty <ignored> (Minor issue, invasive patch)
[wheezy] - netty <no-dsa> (Minor issue)
+ [squeeze] - netty <no-dsa> (Minor issue)
- netty-3.9 3.9.9.Final-1 (bug #793770)
[jessie] - netty-3.9 <ignored> (Minor issue, invasive patch)
- playframework <itp> (bug #646523)
- [squeeze] - netty <no-dsa> (Minor issue)
NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index f3777a253f..5c2bf36bc3 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -8320,8 +8320,8 @@ CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code executi
CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the handl ...)
{DLA-693-1}
- tiff 4.0.6-3
- - tiff3 <removed>
[jessie] - tiff 4.0.3-12.3+deb8u2
+ - tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
@@ -26047,9 +26047,9 @@ CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71039
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
@@ -26069,9 +26069,9 @@ CVE-2016-XXXX [Integer overflow in iptcembed()]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71459
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
@@ -26124,9 +26124,9 @@ CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71391
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
@@ -26158,9 +26158,9 @@ CVE-2016-XXXX [Crash on bad SOAP request]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=70979
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
@@ -27344,10 +27344,10 @@ CVE-2016-1980
CVE-2016-1979 (Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...)
{DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1}
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
- icedove 38.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
- nss 2:3.21-1
@@ -27382,10 +27382,10 @@ CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC impleme ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows mig ...)
- iceweasel <not-affected> (Windows-specific)
@@ -27403,19 +27403,19 @@ CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
- brotli 0.3.0+dfsg-3 (bug #817233)
NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the availabilit ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...)
{DSA-3520-1 DSA-3510-1}
@@ -27439,10 +27439,10 @@ CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...)
{DSA-3520-1 DSA-3510-1}
@@ -27487,17 +27487,17 @@ CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...)
{DSA-3520-1 DSA-3510-1}
@@ -27508,10 +27508,10 @@ CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPConte
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3510-1}
@@ -27539,11 +27539,11 @@ CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (
NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is u ...)
- iceweasel <not-affected> (Only affects Firefox for Android)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 8869f8b915..a8e069bcb7 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -34739,9 +34739,9 @@ CVE-2018-8037 (If an async request was completed by the application at the same
NOTE: https://svn.apache.org/r1833907 (8.5.x)
CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...)
- libpdfbox-java 1:1.8.15-1 (low; bug #902776)
- - libpdfbox2-java 2.0.11-1 (low)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
[jessie] - libpdfbox-java <no-dsa> (Minor issue)
+ - libpdfbox2-java 2.0.11-1 (low)
NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2
CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
@@ -49186,9 +49186,9 @@ CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Heal
NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
{DSA-4166-1 DSA-4144-1 DLA-1339-1}
- [experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
+ [experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
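Review bot: In the CVE-2018-2641 block, `[experimental] - openjdk-7 7u171-2.6.13-1` ends up after `- openjdk-8` but still before `- openjdk-7 <removed>`, so the release entry continues to precede its own package entry, which is the ordering this commit sets out to fix. If the intent matches the subject line, the `[experimental]` line should go directly below `- openjdk-7 <removed>`; if experimental entries are meant to be handled differently, a short note in the commit message would make that clear.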
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c02a172f8d..9b1d630006 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -38726,9 +38726,9 @@ CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the R
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
- ldb 2:2.1.4-1
[buster] - ldb <no-dsa> (Minor issue)
+ [stretch] - ldb <not-affected> (Vulnerable code introduced later)
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
- [stretch] - ldb <not-affected> (Vulnerable code introduced later)
NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
CVE-2020-10729 [two random password lookups in same task return same value]
