[Secure-testing-commits] r24664 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Dec 10 07:10:53 UTC 2013 

Author: jmm
Date: 2013-12-10 07:10:53 +0000 (Tue, 10 Dec 2013)
New Revision: 24664

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
rails N/A
zabbix no-dsa
take openjdk7


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-10 07:00:51 UTC (rev 24663)
+++ data/CVE/list	2013-12-10 07:10:53 UTC (rev 24664)
@@ -1212,7 +1212,9 @@
 	RESERVED
 CVE-2013-6824 [Possible shell command injection]
 	RESERVED
-	- zabbix 1:2.2.0+dfsg-6
+	- zabbix 1:2.2.0+dfsg-6 (low)
+	[squeeze] - zabbix <no-dsa> (Minor issue)
+	[wheezy] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-7479
 CVE-2013-6823 (GRMGApp in SAP NetWeaver allows remote attackers to bypass intended ...)
 	NOT-FOR-US: SAP
@@ -2111,10 +2113,9 @@
 	NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
 CVE-2013-6431 [net: fib: fib6_add: potential NULL pointer dereference]
 	RESERVED
-	- linux-2.6 <removed>
-	- linux <unfixed>
+	- linux-2.6 <removed> (low)
+	- linux <unfixed> (low)
 	NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
-	TODO: check
 CVE-2013-6430
 	RESERVED
 CVE-2013-6429
@@ -2157,8 +2158,8 @@
 CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format helper ...)
 	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
 	- ruby-actionpack-3.2 <not-affected> (vulnerable code not present)
-	- ruby-actionpack-2.3 <not-affected> (vulnerable coee not present)
-	- rails 2.3.14.1
+	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
+	- rails <not-affected> (vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency ...)
 	- rails-4.0 4.0.2+dfsg-1 (bug #731290)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2013-12-10 07:00:51 UTC (rev 24663)
+++ data/dsa-needed.txt	2013-12-10 07:10:53 UTC (rev 24664)
@@ -55,7 +55,7 @@
 --
 openjdk6
 --
-openjdk7/stable
+openjdk7/stable (jmm)
 --
 openswan
 --

More information about the Secure-testing-commits mailing list