author | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-11-05 13:38:43 +0100
---|---|---
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-11-05 13:52:05 +0100
commit | b3cecbb890c4c60320ed32b0ac60786d4929effb |
tree | 20d7cb3cd9b8767650155b5e41835f4608b5877c /data |
parent | 6675dba6daedb3768f5e7a6c3d8574e7372c900a |
CVE/list: sort release entries after their package entry
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2013.list | 3
-rw-r--r-- | data/CVE/2014.list | 21
-rw-r--r-- | data/CVE/2015.list | 23
-rw-r--r-- | data/CVE/2016.list | 46
-rw-r--r-- | data/CVE/2018.list | 4
-rw-r--r-- | data/CVE/2020.list | 2
6 files changed, 50 insertions, 49 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e78d112e96..1b421eb2b2 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -153,7 +153,6 @@ CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel [stretch] - linux <ignored> (Minor issue, requires invasive changes) [jessie] - linux <ignored> (Minor issue, requires invasive changes) [wheezy] - linux <no-dsa> (Minor issue, requires invasive changes) - [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes) - linux-2.6 <removed> NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533 CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...) @@ -280,8 +279,8 @@ CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...) {DLA-165-1} - glibc 2.19-1 (bug #722075) - [wheezy] - eglibc 2.13-38+deb7u5 - eglibc <removed> + [wheezy] - eglibc 2.13-38+deb7u5 NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47 NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946 NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16 diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 50660e1262..208226dd9d 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1771,8 +1771,8 @@ CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka g {DLA-411-1} - glibc 2.23-1 (bug #813187) [jessie] - glibc <no-dsa> (Minor issue) - [wheezy] - eglibc <no-dsa> (Minor issue) - eglibc <removed> + [wheezy] - eglibc <no-dsa> (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8 
@@ -4630,11 +4630,11 @@ CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8 {DSA-3316-1 DSA-3235-1} - openjdk-8 8u45-b14-1 (high) - openjdk-7 7u79-2.5.5-1 (high) + [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy) + [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze) - openjdk-6 <removed> (high) - [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze) [wheezy] - openjdk-6 <not-affected> (MIME type setting is harmless on wheezy) - [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze) - [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy) + [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze) NOTE: Starting with mime-support 3.53, MimeType entries in desktop NOTE: files end up in /etc/mailcap, which introduces the user-initiated NOTE: code execution. @@ -5187,6 +5187,7 @@ CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...) - kde-runtime 4:4.14.2-2 (bug #769632) [wheezy] - kde-runtime <no-dsa> (Minor issue) + - kdebase-runtime <removed> [squeeze] - kdebase-runtime <no-dsa> (Minor issue) - webkitkde 1.3.4-2 (unimportant) NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689 
@@ -6039,8 +6040,8 @@ CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validatio CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...) {DLA-452-1} - smarty3 3.1.21-1 (bug #765920) - - smarty <not-affected> (Only affects 3.x series) [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts) + - smarty <not-affected> (Only affects 3.x series) NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...) - systemd-shim 8-4 @@ -10371,9 +10372,9 @@ CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Dat NOT-FOR-US: Oracle CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox-guest-additions <removed> + [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported) - virtualbox-guest-additions-iso 4.3.14-1 [wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported) - [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite 
@@ -16737,10 +16738,10 @@ CVE-2014-3874 RESERVED CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...) - kfreebsd-8 <removed> - - kfreebsd-9 <removed> (bug #750493) + [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts) + - kfreebsd-9 <removed> (bug #750493) [wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663) - [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update) CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...) NOT-FOR-US: D-Link firmware CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...) @@ -17150,9 +17151,9 @@ CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...) {DSA-3067-1 DSA-3066-1} - qemu 2.1+dfsg-6 (bug #765496) + [squeeze] - qemu <end-of-life> - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> - [squeeze] - qemu <end-of-life> NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks. NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...) 
@@ -17317,9 +17318,9 @@ CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...) {DSA-3045-1 DSA-3044-1} - qemu 2.1+dfsg-5 (bug #762532) + [squeeze] - qemu <end-of-life> - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> - [squeeze] - qemu <end-of-life> NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...) {DSA-3026-1 DLA-87-1} diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 0e26a1a376..ca66e0b313 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4556,8 +4556,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3. {DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1} - linux 4.2.6-2 - linux-2.6 <removed> - - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS) + - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-156.html NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218 @@ -5017,8 +5017,8 @@ CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 d CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...) - glibc 2.21-1 (bug #803927) [jessie] - glibc 2.19-18+deb8u2 - [wheezy] - eglibc 2.13-38+deb7u9 - eglibc <removed> + [wheezy] - eglibc 2.13-38+deb7u9 [squeeze] - eglibc 2.11.3-4+deb6u8 NOTE: workaround entry for DLA-350-1 until/if CVE assigned NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009 
@@ -8020,8 +8020,8 @@ CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...) {DSA-3362-1 DSA-3361-1} - qemu 1:2.4+dfsg-2 - - qemu-kvm <removed> [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) + - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/1 NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a @@ -12129,8 +12129,8 @@ CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3. {DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1} - linux 4.2.6-1 - linux-2.6 <removed> - - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS) + - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-156.html - virtualbox 5.0.10-dfsg-1 
@@ -14509,23 +14509,23 @@ CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38 ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel <end-of-life> - icedove 38.3.0-1 [squeeze] - icedove <end-of-life> - [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in Mozil ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel <end-of-life> - icedove 38.3.0-1 [squeeze] - icedove <end-of-life> - [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel <end-of-life> - icedove 38.3.0-1 [squeeze] - icedove <end-of-life> - [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before 40 ...) - libvpx 1.4.0-1 @@ -14588,9 +14588,9 @@ CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Moz CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel <end-of-life> - icedove 38.3.0-1 [squeeze] - icedove <end-of-life> - [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/ CVE-2015-4466 RESERVED 
@@ -18110,12 +18110,13 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows {DSA-3286-1 DSA-3285-1 DSA-3284-1} - qemu 1:2.3+dfsg-6 (bug #788460) [wheezy] - qemu 1.1.2+dfsg-6a+deb7u8 + [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - qemu-kvm <removed> + [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) - xen 4.4.0-1 [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) + - xen-qemu-dm-4.0 <removed> [squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS) - [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS) - [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-135.html CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...) @@ -21201,10 +21202,10 @@ CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x befor - netty 1:4.0.31-1 (bug #796114) [jessie] - netty <ignored> (Minor issue, invasive patch) [wheezy] - netty <no-dsa> (Minor issue) + [squeeze] - netty <no-dsa> (Minor issue) - netty-3.9 3.9.9.Final-1 (bug #793770) [jessie] - netty-3.9 <ignored> (Minor issue, invasive patch) - playframework <itp> (bug #646523) - [squeeze] - netty <no-dsa> (Minor issue) NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index f3777a253f..5c2bf36bc3 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -8320,8 +8320,8 @@ CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code executi CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the handl ...) {DLA-693-1} - tiff 4.0.6-3 - - tiff3 <removed> [jessie] - tiff 4.0.3-12.3+deb8u2 + - tiff3 <removed> [wheezy] - tiff3 <not-affected> (Does not ship libtiff tools) NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/ NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package @@ -26047,9 +26047,9 @@ CVE-2016-XXXX [exec functions ignore length but look for NULL termination] - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u7 + [squeeze] - php5 5.3.3.1-7+squeeze29 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 - [squeeze] - php5 5.3.3.1-7+squeeze29 NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71039 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494 @@ -26069,9 +26069,9 @@ CVE-2016-XXXX [Integer overflow in iptcembed()] - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u7 + [squeeze] - php5 5.3.3.1-7+squeeze29 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 - [squeeze] - php5 5.3.3.1-7+squeeze29 NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71459 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518 @@ -26124,9 +26124,9 @@ CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()] - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u7 + [squeeze] - php5 5.3.3.1-7+squeeze29 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 - [squeeze] - php5 5.3.3.1-7+squeeze29 NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71391 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540 
@@ -26158,9 +26158,9 @@ CVE-2016-XXXX [Crash on bad SOAP request] - php5 5.6.18+dfsg-1 [jessie] - php5 5.6.19+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u7 + [squeeze] - php5 5.3.3.1-7+squeeze29 - php5.6 5.6.18+dfsg-1 - php7.0 7.0.3-1 - [squeeze] - php5 5.3.3.1-7+squeeze29 NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=70979 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551 @@ -27344,10 +27344,10 @@ CVE-2016-1980 CVE-2016-1979 (Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...) {DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1} - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 - icedove 38.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/ - nss 2:3.21-1 @@ -27382,10 +27382,10 @@ CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/ CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC impleme ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/ CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows mig ...) - iceweasel <not-affected> (Windows-specific) 
@@ -27403,19 +27403,19 @@ CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozil NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/ CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/ - brotli 0.3.0+dfsg-3 (bug #817233) NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the availabilit ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/ CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...) {DSA-3520-1 DSA-3510-1} @@ -27439,10 +27439,10 @@ CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/ CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/ CVE-2016-1962 (Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...) {DSA-3520-1 DSA-3510-1} 
@@ -27487,17 +27487,17 @@ CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/ CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/ CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/ CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...) {DSA-3520-1 DSA-3510-1} @@ -27508,10 +27508,10 @@ CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPConte NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/ CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/ CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3510-1} 
@@ -27539,11 +27539,11 @@ CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services ( NOTE: NSS fixed in 3.21.1 CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...) - iceweasel <removed> - - firefox-esr 45.0esr-1 - - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x) [squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x) + - firefox-esr 45.0esr-1 + - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/ CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is u ...) - iceweasel <not-affected> (Only affects Firefox for Android) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 8869f8b915..a8e069bcb7 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -34739,9 +34739,9 @@ CVE-2018-8037 (If an async request was completed by the application at the same NOTE: https://svn.apache.org/r1833907 (8.5.x) CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...) - libpdfbox-java 1:1.8.15-1 (low; bug #902776) - - libpdfbox2-java 2.0.11-1 (low) [stretch] - libpdfbox-java <no-dsa> (Minor issue) [jessie] - libpdfbox-java <no-dsa> (Minor issue) + - libpdfbox2-java 2.0.11-1 (low) NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2 CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...) NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA) 
@@ -49186,9 +49186,9 @@ CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Heal NOT-FOR-US: Oracle CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4166-1 DSA-4144-1 DLA-1339-1} - [experimental] - openjdk-7 7u171-2.6.13-1 - openjdk-9 9.0.4+12-1 - openjdk-8 8u162-b12-1 + [experimental] - openjdk-7 7u171-2.6.13-1 - openjdk-7 <removed> - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c02a172f8d..9b1d630006 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -38726,9 +38726,9 @@ CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the R CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...) - ldb 2:2.1.4-1 [buster] - ldb <no-dsa> (Minor issue) + [stretch] - ldb <not-affected> (Vulnerable code introduced later) - samba 2:4.12.5+dfsg-1 [buster] - samba <postponed> (Minor issue, fix along in next DSA) - [stretch] - ldb <not-affected> (Vulnerable code introduced later) NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb) CVE-2020-10729 [two random password lookups in same task return same value] |
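Review bot: In the CVE-2013-7445 hunk of data/CVE/2013.list, the line `[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)` is deleted and not re-added anywhere (the hunk goes from 7 lines to 6), so this is a data change rather than a reorder. The visible context has no `- linux-4.9` package line for it to sort under; either add that package entry and keep the jessie annotation beneath it, or say in the commit message that the annotation is being dropped and why, since the subject only mentions sorting.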
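Review bot: The CVE-2014-8600 hunk in data/CVE/2014.list adds a package entry that did not exist before, `- kdebase-runtime <removed>`, above the existing `[squeeze] - kdebase-runtime <no-dsa> (Minor issue)` line, and the CVE-2015-3209 hunk in data/CVE/2015.list does the same with `- xen-qemu-dm-4.0 <removed>`. These are new status claims, not moves; together with the one line dropped in the 2013.list hunk they are why the diffstat reads 50 insertions against 49 deletions instead of balancing. A sentence in the commit message naming the two added `<removed>` entries would let anyone auditing the tracker history see where they came from.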
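Review bot: In the CVE-2018-2641 hunk of data/CVE/2018.list, `[experimental] - openjdk-7 7u171-2.6.13-1` is moved below `- openjdk-8 8u162-b12-1` but still sits above `- openjdk-7 <removed>`, so it ends up before its package entry, not after it as the subject line describes. If experimental entries are intentionally kept ahead of their package line, note that exception in the commit message; otherwise move the line one position further down.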
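Review bot: The re-added line in the CVE-2014-8873 hunk of data/CVE/2014.list, `[squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)`, carries over the stray word in "on this squeeze", while the matching openjdk-6 line reads "harmless on squeeze". Since the line is being rewritten in this hunk anyway, the note text could be aligned with the openjdk-6 one.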