[Secure-testing-commits] r24554 - data/CVE

Nico Golde nion at moszumanska.debian.org
Tue Dec 3 21:51:16 UTC 2013 

Author: nion
Date: 2013-12-03 21:51:16 +0000 (Tue, 03 Dec 2013)
New Revision: 24554

Modified:
   data/CVE/list
Log:
NFUs; CVE-2012-6535,CVE-2013-1061 fixed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-03 21:45:59 UTC (rev 24553)
+++ data/CVE/list	2013-12-03 21:51:16 UTC (rev 24554)
@@ -1433,7 +1433,7 @@
 CVE-2013-6308
 	RESERVED
 CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
-	TODO: check
+	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2013-6306
 	RESERVED
 CVE-2013-6305
@@ -3475,7 +3475,7 @@
 CVE-2013-5449
 	RESERVED
 CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin ...)
-	TODO: check
+	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2013-5447
 	RESERVED
 CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
@@ -10033,7 +10033,7 @@
 CVE-2013-2819
 	RESERVED
 CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
-	TODO: check
+	NOT-FOR-US: e-terracontrol
 CVE-2013-2817
 	RESERVED
 CVE-2013-2816
@@ -10775,7 +10775,8 @@
 CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
 	NOT-FOR-US: Spree 
 CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, ...)
-	TODO: check
+	- djvulibre 3.5.25.3-1
+	NOTE: evince doesnt use an embedded version of this
 CVE-2013-2505
 	RESERVED
 CVE-2013-2504
@@ -15197,8 +15198,7 @@
 CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and ...)
 	NOT-FOR-US: ubuntu-system-service
 CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before ...)
-	- software-properties <unfixed>
-	TODO: check
+	- software-properties 0.92.18 (low)
 CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux ...)
 	NOT-FOR-US: Ubuntu packaging specific
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote ...)
@@ -33977,7 +33977,7 @@
 CVE-2012-0428 (Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x ...)
 	NOT-FOR-US: NetIQ eDirectory
 CVE-2012-0427 (yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before ...)
-	TODO: check
+	NOT-FOR-US: inst-source-utils
 CVE-2012-0426 (Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in ...)
 	NOT-FOR-US: SUSE Linux Enterprise for SAP Applications
 CVE-2012-0425 (LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE ...)

More information about the Secure-testing-commits mailing list