[Secure-testing-commits] r22108 - data/CVE

Arne Wichmann aw-guest at alioth.debian.org
Tue Apr 30 22:51:27 UTC 2013


Author: aw-guest
Date: 2013-04-30 22:51:27 +0000 (Tue, 30 Apr 2013)
New Revision: 22108

Modified:
   data/CVE/list
Log:
CVE-2013-0787, CVE-2013-0783, CVE-2013-0782, CVE-2013-0780, CVE-2013-0776,
CVE-2013-0775, CVE-2013-0773 fixed in experimental.
CVE-2013-2635, CVE-2013-0349, CVE-2013-0313, CVE-2013-0310, CVE-2013-0309,
CVE-2013-0268 fixed.
CVE-2013-2634, CVE-2013-1826, CVE-2013-1773 fixed in unstable/testing.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-30 21:14:24 UTC (rev 22107)
+++ data/CVE/list	2013-04-30 22:51:27 UTC (rev 22108)
@@ -1417,11 +1417,11 @@
 	- linux <not-affected> (Introduced in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.8)
 CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ...)
-	- linux <unfixed>
+	- linux 3.2.41-2
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize ...)
-	- linux <unfixed>
+	- linux 3.2.41-2
 	- linux-2.6 <removed>
 CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET ...)
 	- piwik <itp> (bug #506933)
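Review bot: CVE-2013-2634 now reads "- linux 3.2.41-2" followed only by "- linux-2.6 <removed>", with no [squeeze] line, while CVE-2013-2635 directly above carries "[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)". The log says CVE-2013-2634 is fixed in unstable/testing, which leaves the squeeze state unstated in the entry itself. Please add an explicit [squeeze] line (a fixed version, or not-affected with a reason) so the entry does not depend on the commit log.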
@@ -3459,8 +3459,9 @@
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 2.6.32-47
 CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux ...)
-	- linux <unfixed> (low)
+	- linux 3.2.41-2 (low)
 	- linux-2.6 <removed> (low)
+	NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
 CVE-2013-1825
 	REJECTED
 CVE-2013-1824
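Review bot: The NOTE added under CVE-2013-1826 says the issue is probably gone since 3.2.32-1, yet the entry records 3.2.41-2 as the fixed version. If the NOTE is right, every upload between those two versions will be reported as vulnerable by anything that compares package versions against this list. Either confirm the earlier version and record it, or keep 3.2.41-2 and reword the NOTE to say plainly that this is the version verified, not the first fixed one.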
@@ -3608,8 +3609,9 @@
 	- linux 3.2.38-1
 	- linux-2.6 <removed>
 CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ...)
-	- linux <unfixed>
+	- linux 3.2.41-2
 	- linux-2.6 <removed>
+	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
 CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x ...)
 	- linux 3.2.39-1
 	- linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
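Review bot: The NOTE added for CVE-2013-1773 ("Probably gone since 3.2.15-1, but I checked 3.2.41-2") does not say what was checked. A reference to the upstream commit or changelog entry that was looked for would let the next person confirm or narrow the fixed version. The first-person "I" also stops meaning anything once the line is read in data/CVE/list without this commit beside it.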
@@ -5897,7 +5899,7 @@
 	- iceweasel <unfixed>
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
-	- iceweasel <unfixed>
+	- iceweasel 19.0.2-1
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
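Review bot: CVE-2013-0787 is changed to "- iceweasel 19.0.2-1", while the entry just above it in the context still uses "- iceweasel <unfixed>" with "NOTE: fixed in experimental 20.0-1". The log describes this one as fixed in experimental too, so the two neighbouring entries now record an experimental-only fix in two different ways. Please settle on one form and convert the other entry in the same commit.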
@@ -5913,11 +5915,11 @@
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	- iceweasel <unfixed> (bug #703071)
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
-	- iceweasel <unfixed> (bug #703071)
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint ...)
@@ -5925,7 +5927,7 @@
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0780 (Use-after-free vulnerability in the ...)
-	- iceweasel <unfixed> (bug #703071)
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
@@ -5941,11 +5943,11 @@
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
-	- iceweasel <unfixed>
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0775 (Use-after-free vulnerability in the ...)
-	- iceweasel <unfixed> (bug #703071)
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
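Review bot: For CVE-2013-0776 the replacement line adds "(bug #703071)", which was not on the removed "- iceweasel <unfixed>" line. The other entries in this hunk already carried that bug number before the change, so this looks copied along with the version. Please confirm that bug #703071 actually covers CVE-2013-0776, or drop the reference from this line.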
@@ -5953,7 +5955,7 @@
 	- iceweasel <not-affected> (Introduced in Firefox 15)
 	- icedove <not-affected> (Introduced in Firefox 15)
 CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) ...)
-	- iceweasel <unfixed> (bug #703071)
+	- iceweasel 19.0-1 (bug #703071)
 	- icedove <unfixed>
 	- iceape <unfixed>
 CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, ...)
@@ -7284,7 +7286,7 @@
 	- pktstat 1.8.5-3 (bug #701211)
 	[squeeze] - pktstat <not-affected> (Vulnerable code not present)
 CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
-	- linux <unfixed>
+	- linux 3.2.41-2
 	- linux-2.6 <removed>
 CVE-2013-0348 [sthttpd world-redable logdir]
 	RESERVED
@@ -7381,7 +7383,7 @@
 CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise Portal ...)
 	NOT-FOR-US: GateIn Portal
 CVE-2013-0313 (The evm_update_evmxattr function in ...)
-	- linux <unfixed>
+	- linux <not-affected> (Code not enabled in Wheezy)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
 	- 389-ds-base 1.3.0.3-1 
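Review bot: The log message lists CVE-2013-0313 among the entries that are "fixed", but the line is changed to "- linux <not-affected> (Code not enabled in Wheezy)", which is a different state. The reason is also tied to one release while the line carries no release tag, so it applies to every suite that has no line of its own. Naming the build option that is disabled, or stating that it is off in the current linux package generally, would make the claim checkable.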
@@ -7389,11 +7391,12 @@
 	- linux 3.2.41-1
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux ...)
-	- linux <unfixed>
+	- linux <not-affected> (Code not enabled in Wheezy)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when ...)
-	- linux <unfixed>
+	- linux 3.2.41-2
 	- linux-2.6 <not-affected> (THP not in Squeeze)
+	NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
 CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the ...)
 	- git <not-affected> (OpenSSL support is not enabled in Debian, see bug #701586)
 	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
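Review bot: The NOTE added under CVE-2013-0309 gives the earlier version as "3.2.32", without a Debian revision, while the matching NOTEs in this commit use full package versions such as "3.2.32-1". As written it is unclear whether an upstream release or a Debian upload is meant. Please use the full package version, or say explicitly that it is the upstream stable release.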
@@ -7459,7 +7462,7 @@
 CVE-2013-0291
 	RESERVED
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux ...)
-	- linux <unfixed>
+	- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
 	- linux-2.6 <not-affected> (Introduced in 3.4)
 CVE-2013-0289 [missing SSL subject verification]
 	RESERVED
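Review bot: CVE-2013-0290 changes from "<unfixed>" to "<not-affected> (Introduced in 3.4, fixed in 3.8)", but this CVE does not appear anywhere in the log message, which otherwise enumerates every entry touched. Please add it to the log so the state change can be found from the history. The linux-2.6 line below still says only "(Introduced in 3.4)"; the two reasons could be aligned at the same time.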
@@ -7533,8 +7536,8 @@
 	- ruby1.9.1 1.9.3.194-7 (bug #700436)
 	- ruby1.8 <not-affected> (json ext not present in 1.8)
 CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...)
-	- linux <unfixed>
-	- linux-2.6 <removed>
+	- linux 3.2.41-2
+	- linux-2.6 2.6.32-48squeeze1
 CVE-2013-0267
 	RESERVED
 CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...)
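Review bot: For CVE-2013-0268 the unversioned "- linux-2.6 <removed>" line is replaced by "- linux-2.6 2.6.32-48squeeze1", so the entry no longer records that the package is removed from unstable. Earlier in this file the same situation is written as "- linux-2.6 <removed>" followed by "[squeeze] - linux-2.6 2.6.32-47". Please keep the <removed> line and put the squeeze version on a [squeeze] line to match.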



