[Secure-testing-commits] r24521 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Dec 2 12:18:38 UTC 2013
Author: jmm
Date: 2013-12-02 12:18:38 +0000 (Mon, 02 Dec 2013)
New Revision: 24521
Modified:
data/CVE/list
Log:
ruby fixed
mahara removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-02 10:24:17 UTC (rev 24520)
+++ data/CVE/list 2013-12-02 12:18:38 UTC (rev 24521)
@@ -5797,26 +5797,26 @@
- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 [a group member with no access rights to folder can still view it]
RESERVED
- - mahara <unfixed> (low; bug #727539)
+ - mahara <removed> (low; bug #727539)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
CVE-2013-4431 [Not checking ownership of blocks before editing them]
RESERVED
- - mahara <unfixed> (low; bug #727552)
+ - mahara <removed> (low; bug #727552)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
CVE-2013-4430
RESERVED
- - mahara <unfixed> (unimportant; bug #727548)
+ - mahara <removed> (unimportant; bug #727548)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
NOTE: Only exploitable during installation
CVE-2013-4429 [Arbitrary image download]
RESERVED
- - mahara <unfixed> (low; bug #727545)
+ - mahara <removed> (low; bug #727545)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
NOTE: https://bugs.launchpad.net/mahara/+bug/1211758
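Review bot: CVE-2013-4429 is rated low and now reads `- mahara <removed>`, but unlike CVE-2013-4432 and CVE-2013-4431 it has no `[squeeze] - mahara ...` line, so once the unstable entry no longer says `<unfixed>`, nothing in the entry states the status for squeeze. Add a `[squeeze]` line (the same `<no-dsa> (Minor issue)` used above, if that triage applies) or a NOTE saying squeeze is not affected. CVE-2013-4430 also lacks the bracketed description its neighbours have; adding one while touching the entry would make the list easier to scan.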
@@ -6704,9 +6704,9 @@
- bitcoin 0.8.4-1 (bug #717828)
NOTE: https://github.com/bitcoin/bitcoin/issues/2838
CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 ...)
- - ruby1.8 <unfixed> (bug #730189)
- - ruby1.9.1 <unfixed> (bug #730178)
- - ruby2.0 <unfixed> (bug #730190)
+ - ruby1.8 1.8.7.358-9 (bug #730189)
+ - ruby1.9.1 1.9.3.484-1 (bug #730178)
+ - ruby2.0 2.0.0.353-1 (bug #730190)
NOTE: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
{DSA-2745-1}
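Review bot: the ruby1.8 line records 1.8.7.358-9, which is a Debian revision rather than a new upstream version, while the description visible here names only 1.9.3-p484 as an upstream fix and is truncated for 2.0. A NOTE pointing at the patch backported into ruby1.8 would let the next reader verify that entry. The entry also carries no release-specific lines or DSA reference (compare `{DSA-2745-1}` on CVE-2013-4163 just below), so it is worth stating whether the stable releases still need an update.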
@@ -20186,6 +20186,7 @@
NOTE: Since 3.3.0 openoffice.org is a transitional source package
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
NOTE: Additional hardening/UI improvement, not a direct vulnerability
+ NOTE: For 4.2: http://whatofhow.wordpress.com/2013/12/02/stealth-mode/
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
- sanlock 2.2-2 (bug #696424)
CVE-2012-5637
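Review bot: the added `NOTE: For 4.2: ...` line is not covered by the log message, which only says "ruby fixed" and "mahara removed"; mention it in the log or commit it separately. The link goes to a blog post rather than an upstream commit or bug, and "For 4.2" does not name the package it refers to, so consider naming the package in the NOTE and adding the upstream reference next to it.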
@@ -39122,7 +39123,7 @@
RESERVED
CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)]
RESERVED
- - mahara <unfixed> (low; bug #699230)
+ - mahara <removed> (low; bug #699230)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
CVE-2011-3641
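Review bot: on the `- mahara <removed>` line for CVE-2011-3642, the bracketed title names flowplayer-core while mahara is the only package tracked, and the entry has no NOTE explaining the relationship. With the unstable line now `<removed>`, the `[squeeze] - mahara <no-dsa>` line is the only live status left, so a short NOTE saying why mahara is listed would help whoever triages squeeze later.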