[Secure-testing-commits] r23202 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Aug 6 10:21:34 UTC 2013


Author: jmm
Date: 2013-08-06 10:21:33 +0000 (Tue, 06 Aug 2013)
New Revision: 23202

Modified:
   data/CVE/list
Log:
strongswan not-affected
gwt no-dsa
silence invalid issue from external check by marking it NFU


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-06 07:02:09 UTC (rev 23201)
+++ data/CVE/list	2013-08-06 10:21:33 UTC (rev 23202)
@@ -42,8 +42,9 @@
 	NOT-FOR-US: Ultra Mini HTTPD
 CVE-2013-5018 [strongswan DoS via XAuth/EAP identities and PEM files]
 	RESERVED
-	- strongswan <unfixed>
-	TODO: check
+	- strongswan <not-affected> (Only affects 5.0.4 from experimental)
+	NOTE: The PEM aspect is under control of the administrator, so not a security issue
+	NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
 CVE-2013-5017
 	RESERVED
 CVE-2013-5016
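Review bot: The two added lines for CVE-2013-5018 disagree on the affected versions: the `<not-affected>` parenthetical says "Only affects 5.0.4 from experimental" while the second NOTE says the XAuth / EAP issue affects 5.0.3/5.0.4. Please make both state the same range, or say in the parenthetical why only 5.0.4 matters for the archive, so a later reader does not have to guess which one is right.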
@@ -1800,7 +1801,8 @@
 	RESERVED
 CVE-2013-4204 [Google Web Toolkit XSS]
 	RESERVED
-	- gwt <unfixed>
+	- gwt <unfixed> (low)
+	[squeeze] - gwt <no-dsa> (Minor issue)
 	NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
 CVE-2013-4203 [Rgpg Ruby Gem Remote Command Injection]
 	RESERVED
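Review bot: On the `[squeeze] - gwt <no-dsa> (Minor issue)` line, the reason is too terse to re-evaluate later; a short NOTE saying why the XSS is considered minor for squeeze would help. The unstable line stays `<unfixed> (low)` with no bug reference, while the existing NOTE points at the 2.5.1 RC1 release notes, so consider recording the bug number, or the fixing upstream version if that release carries the fix.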
@@ -6684,6 +6686,7 @@
 	RESERVED
 CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed]
 	RESERVED
+	NOT-FOR-US: Nagios issue, to be rejected
 CVE-2013-2213 [KRandom::random() Small Space of Random Values]
 	RESERVED
 	- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
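Review bot: The added `NOT-FOR-US: Nagios issue, to be rejected` under CVE-2013-2214 reads as a scope statement, but per the commit log it is there to silence an external check on an invalid issue. The bracketed description already says REJECTED and names nagios3, so add a NOTE stating that the NFU marking is a placeholder until the id is formally rejected; otherwise it is likely to be left behind or misread.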
@@ -7558,7 +7561,6 @@
 	NOT-FOR-US: Drupal contributed module
 CVE-2013-1970
 	REJECTED
-	NOTE: rejected, erroneously assigned for libxml2
 CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
 	- libxml2 <not-affected> (Affecting only 2.9.x, see bug #705722)
 	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
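Review bot: Dropping `NOTE: rejected, erroneously assigned for libxml2` from CVE-2013-1970 removes the only text in this entry that says why the id was rejected and which package it was assigned for. The commit log does not mention this removal; if REJECTED entries are meant to carry no further lines, say so in the log, otherwise consider keeping the note.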
@@ -9843,7 +9845,6 @@
 	NOT-FOR-US: Cisco
 CVE-2013-1175
 	REJECTED
-	NOT-FOR-US: Cisco ACE
 CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration ...)
 	NOT-FOR-US: Cisco Tivoli Business Service Manager
 CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
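Review bot: The removal of `NOT-FOR-US: Cisco ACE` under the REJECTED CVE-2013-1175 is not covered by any of the three log lines (strongswan, gwt, the NFU marking). Mention the cleanup of REJECTED entries in the log, or split it into its own commit, so the history explains why the line went away.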



