[Secure-testing-commits] r23488 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Aug 30 08:55:01 UTC 2013


Author: jmm
Date: 2013-08-30 08:55:01 +0000 (Fri, 30 Aug 2013)
New Revision: 23488

Modified:
   data/CVE/list
Log:
expat non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-30 07:14:59 UTC (rev 23487)
+++ data/CVE/list	2013-08-30 08:55:01 UTC (rev 23488)
@@ -2,6 +2,7 @@
 	- libvirt 1.1.2~rc1-1
 	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
 	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
+	[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
 	NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
 	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
 CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...)
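Review bot: Nothing in this entry records which libvirt version jessie carries, so the `<not-affected>` reason on the added `[jessie]` line (vulnerable code introduced in v0.10.2-rc1) cannot be checked from the tracker data alone. Consider stating the jessie version in the parenthetical. The log message ("expat non-issues") also does not cover the libvirt triage in this hunk and the next one; either extend the log or split the libvirt lines into their own commit.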
@@ -2920,6 +2921,7 @@
 	- libvirt <unfixed>
 	[squeeze] - libvirt <not-affected> (Introduced with 1.1.0)
 	[wheezy] - libvirt <not-affected> (Introduced with 1.1.0)
+	[jessie] - libvirt <not-affected> (Introduced with 1.1.0)
 	TODO: check if fix already contained in 1.1.2~rc1-1
 CVE-2013-4291
 	RESERVED
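Review bot: The `[jessie]` `<not-affected>` line is added while the entry's `TODO: check if fix already contained in 1.1.2~rc1-1` is still open and the untagged line still reads `- libvirt <unfixed>`. The reason given, "Introduced with 1.1.0", holds only as long as jessie's libvirt is older than 1.1.0, so resolve the TODO in the same change or add a NOTE that the jessie status needs revisiting once a 1.1.x version reaches it.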
@@ -13857,12 +13859,12 @@
 	NOTE: this is initially related to #700669
 CVE-2013-0341 [external entity expansion]
 	RESERVED
-	- expat <unfixed>
-	TODO: check
+	- expat <unfixed> (unimportant)
+	NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
 CVE-2013-0340 [internal entity expansion]
 	RESERVED
-	- expat <unfixed>
-	TODO: check
+	- expat <unfixed> (unimportant)
+	NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
 CVE-2013-0339 [CPU consumption DoS when performing string substitutions during external entities expansion]
 	RESERVED
 	{DSA-2652-1}
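Review bot: The NOTE added under CVE-2013-0341 and CVE-2013-0340 does not name the Expat API it refers to, and the identical sentence is used for the external and the internal entity expansion case, so a reader cannot tell which mitigation applies to which issue. Name the API (or link the upstream documentation) in each NOTE. Since `TODO: check` is dropped while the status stays `<unfixed>`, it would also help to say briefly why `(unimportant)` is justified for applications that do not use that API.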



