[Secure-testing-commits] r24748 - in data: . CVE

[Thijs Kinkhorst]

Author: thijs
Date: 2013-12-14 10:57:04 +0000 (Sat, 14 Dec 2013)
New Revision: 24748

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
wheezy 7.3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-14 10:40:19 UTC (rev 24747)
+++ data/CVE/list	2013-12-14 10:57:04 UTC (rev 24748)
@@ -2389,7 +2389,7 @@
 	RESERVED
 	- openttd 1.3.3-1 (low)
 	[squeeze] - openttd <no-dsa> (Minor issue)
-	[wheezy] - openttd <no-dsa> (Minor issue)
+	[wheezy] - openttd 1.2.1-3
 	NOTE: http://bugs.openttd.org/task/5820
 CVE-2013-6410 (nbd-server in Network Block Device (nbd) before 3.5 does not properly ...)
 	{DSA-2806-1}
@@ -7215,6 +7215,7 @@
 	- libtar <unfixed> (bug #731860)
 CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
 	- libguestfs 1:1.22.7-1
+	[wheezy] - libguestfs 1:1.18.1-1+deb7u3
 CVE-2013-4418
 	RESERVED
 CVE-2013-4417
@@ -7540,7 +7541,7 @@
 	- systemd 204-5 (bug #723713)
 CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for ...)
 	- rtkit 0.10-3 (bug #723714)
-	[wheezy] - rtkit <no-dsa> (user can get realtime scheduling privileges)
+	[wheezy] - rtkit 0.10-2+wheezy1
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging ...)
 	- hplip 3.13.9-1 (bug #723716)
 CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit ...)
@@ -8161,7 +8162,7 @@
 	- passenger <removed>
 	- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
 	[squeeze] - passenger <no-dsa> (minor, local, issue)
-	[wheezy] - ruby-passenger <no-dsa> (minor, local, issue)
+	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
 CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...)
 	{DSA-2729-1}
 	- openafs 1.6.5-1
@@ -13251,7 +13252,7 @@
 CVE-2013-2119
 	RESERVED
 	- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
-	[wheezy] - ruby-passenger <no-dsa> (Minor issue)
+	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
 CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
 	{DSA-2694-1}
 	- spip 2.1.22-1 (bug #709674)
@@ -14085,6 +14086,7 @@
 	RESERVED
 CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary ...)
 	- librsvg 2.40.0-1 (bug #724741)
+	[wheezy] - librsvg 2.36.1-2
 CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application]
 	RESERVED
 	- activemq <not-affected> (portfolio demo app not shipped in Debian package)
@@ -15610,14 +15612,14 @@
 	- libraw 0.15.4-1 (bug #721338)
 	- libkdcraw 4:4.10.5-2 (bug #721340)
 	- darktable 1.2.2-2 (bug #721339)
-	[wheezy] - darktable <no-dsa> (end-user app)
+	[wheezy] - darktable 1.0.4-1+deb7u2
 CVE-2013-1438 [dcraw: multiple DoS]
 	RESERVED
 	{DSA-2748-1}
 	- libraw 0.15.4-1 (bug #721231)
 	- libkdcraw 4:4.10.5-2 (bug #721239)
 	- darktable 1.2.2-2 (bug #721233)
-	[wheezy] - darktable <no-dsa> (end-user app)
+	[wheezy] - darktable 1.0.4-1+deb7u2
 	- dcraw <unfixed> (unimportant; bug #721232)
 	- ufraw 0.19.2-2 (bug #721234)
 	[wheezy] - ufraw <no-dsa> (end-user app)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2013-12-14 10:40:19 UTC (rev 24747)
+++ data/next-point-update.txt	2013-12-14 10:57:04 UTC (rev 24748)
@@ -1,18 +1,2 @@
-CVE-2013-4326
-	[wheezy] - rtkit 0.10-2+wheezy1
-CVE-2013-2119
-	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
-CVE-2013-4136
-	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
 CVE-2013-4288
 	[wheezy] - policykit-1 0.105-3+deb7u1
-CVE-2013-4419
-	[wheezy] - libguestfs 1:1.18.1-1+deb7u3
-CVE-2013-1438
-	[wheezy] - darktable 1.0.4-1+deb7u2
-CVE-2013-1439
-	[wheezy] - darktable 1.0.4-1+deb7u2
-CVE-2013-6411
-	[wheezy] - openttd 1.2.1-3
-CVE-2013-1881
-	[wheezy] - librsvg 2.36.1-2