[Secure-testing-commits] r23289 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Aug 12 06:08:15 UTC 2013
Author: jmm
Date: 2013-08-12 06:08:14 +0000 (Mon, 12 Aug 2013)
New Revision: 23289
Modified:
data/CVE/list
Log:
poppler unimportant (hardening)
nullmailer no-dsa for oldstable (wheezy already fixed)
nmap no-dsa for stable (squeeze not affected)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-12 05:45:40 UTC (rev 23288)
+++ data/CVE/list 2013-08-12 06:08:14 UTC (rev 23289)
@@ -456,7 +456,9 @@
RESERVED
CVE-2013-4885 [arbitrary file upload flaw in http-domino-enum-passwords NSE script]
RESERVED
- - nmap <unfixed> (bug #719289)
+ - nmap <unfixed> (low; bug #719289)
+ [squeeze] - nmap <not-affected> (Vulnerable code not present)
+ [wheezy] - nmap <no-dsa> (Minor issue)
CVE-2013-4884
RESERVED
CVE-2013-5217
@@ -1889,7 +1891,8 @@
NOT-FOR-US: Flippy Drupal contributed module
CVE-2013-4223 [nullmailer world readable /etc/nullmailer/remotes]
RESERVED
- - nullmailer 1:1.11-2 (bug #684619)
+ - nullmailer 1:1.11-2 (low; bug #684619)
+ [squeeze] - nullmailer <no-dsa> (Minor issue)
NOTE: CVE request originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
NOTE: had the same problem until 1:1.11-2
CVE-2013-4222 [Keystone disabling a tenant does not disable a user token]
@@ -24705,7 +24708,7 @@
CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message]
RESERVED
- xpdf <not-affected> (uses poppler's Error.cc)
- - poppler 0.18.4-7
+ - poppler 0.18.4-7 (unimportant)
NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
More information about the Secure-testing-commits
mailing list