[Secure-testing-commits] r24687 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Dec 11 11:57:46 UTC 2013
Author: jmm
Date: 2013-12-11 11:57:45 +0000 (Wed, 11 Dec 2013)
New Revision: 24687
Modified:
data/CVE/list
Log:
new libmicrohttpd issue (no-dsa)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-11 11:29:14 UTC (rev 24686)
+++ data/CVE/list 2013-12-11 11:57:45 UTC (rev 24687)
@@ -116,10 +116,14 @@
- python3.3 <unfixed>
TODO: check
CVE-2013-7039 [stack overflow in MHD_digest_auth_check()]
- - libmicrohttpd <unfixed>
+ - libmicrohttpd <unfixed> (low; bug #731933)
+ [squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
+ [wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 [out-of-bounds read in MHD_http_unescape()]
- - libmicrohttpd <unfixed>
+ - libmicrohttpd <unfixed> (low; bug #731933)
+ [squeeze] - libmicrohttpd <no-dsa> (Minor issue)
+ [wheezy] - libmicrohttpd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039384
CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list