From b3cecbb890c4c60320ed32b0ac60786d4929effb Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Thu, 5 Nov 2020 13:38:43 +0100 Subject: CVE/list: sort release entries after their package entry --- data/CVE/2015.list | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'data/CVE/2015.list') diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 0e26a1a376..ca66e0b313 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4556,8 +4556,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3. {DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1} - linux 4.2.6-2 - linux-2.6 - - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - linux-2.6 (KVM not supported in Squeeze LTS) + - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - xen (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-156.html NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218 @@ -5017,8 +5017,8 @@ CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 d CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...) - glibc 2.21-1 (bug #803927) [jessie] - glibc 2.19-18+deb8u2 - [wheezy] - eglibc 2.13-38+deb7u9 - eglibc + [wheezy] - eglibc 2.13-38+deb7u9 [squeeze] - eglibc 2.11.3-4+deb6u8 NOTE: workaround entry for DLA-350-1 until/if CVE assigned NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009 @@ -8020,8 +8020,8 @@ CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...) {DSA-3362-1 DSA-3361-1} - qemu 1:2.4+dfsg-2 - - qemu-kvm [squeeze] - qemu (Not supported in Squeeze LTS) + - qemu-kvm [squeeze] - qemu-kvm (Not supported in Squeeze LTS) NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/1 NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a @@ -12129,8 +12129,8 @@ CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3. {DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1} - linux 4.2.6-1 - linux-2.6 - - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - linux-2.6 (KVM not supported in Squeeze LTS) + - xen 4.8.0~rc3-1 (bug #823620) [squeeze] - xen (Not supported in Squeeze LTS) NOTE: http://xenbits.xen.org/xsa/advisory-156.html - virtualbox 5.0.10-dfsg-1 @@ -14509,23 +14509,23 @@ CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38 ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel - icedove 38.3.0-1 [squeeze] - icedove - [squeeze] - iceweasel NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in Mozil ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel - icedove 38.3.0-1 [squeeze] - icedove - [squeeze] - iceweasel NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel - icedove 38.3.0-1 [squeeze] - icedove - [squeeze] - iceweasel NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/ CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before 40 ...) - libvpx 1.4.0-1 @@ -14588,9 +14588,9 @@ CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Moz CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3410-1 DSA-3333-1} - iceweasel 38.2.0esr-1 + [squeeze] - iceweasel - icedove 38.3.0-1 [squeeze] - icedove - [squeeze] - iceweasel NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/ CVE-2015-4466 RESERVED @@ -18110,12 +18110,13 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows {DSA-3286-1 DSA-3285-1 DSA-3284-1} - qemu 1:2.3+dfsg-6 (bug #788460) [wheezy] - qemu 1.1.2+dfsg-6a+deb7u8 + [squeeze] - qemu (Not supported in Squeeze LTS) - qemu-kvm + [squeeze] - qemu-kvm (Not supported in Squeeze LTS) - xen 4.4.0-1 [squeeze] - xen (Not supported in Squeeze LTS) + - xen-qemu-dm-4.0 [squeeze] - xen-qemu-dm-4.0 (Not supported in Squeeze LTS) - [squeeze] - qemu (Not supported in Squeeze LTS) - [squeeze] - qemu-kvm (Not supported in Squeeze LTS) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-135.html CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...) @@ -21201,10 +21202,10 @@ CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x befor - netty 1:4.0.31-1 (bug #796114) [jessie] - netty (Minor issue, invasive patch) [wheezy] - netty (Minor issue) + [squeeze] - netty (Minor issue) - netty-3.9 3.9.9.Final-1 (bug #793770) [jessie] - netty-3.9 (Minor issue, invasive patch) - playframework (bug #646523) - [squeeze] - netty (Minor issue) NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156 -- cgit v1.2.3