[Secure-testing-commits] r24764 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Dec 16 06:43:54 UTC 2013


Author: jmm
Date: 2013-12-16 06:43:54 +0000 (Mon, 16 Dec 2013)
New Revision: 24764

Modified:
   data/CVE/list
Log:
transifex N/A in stable
zope no-dsa and removed from sid
added shm kernel issue to kernel-sec


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-12-16 06:31:27 UTC (rev 24763)
+++ data/CVE/list	2013-12-16 06:43:54 UTC (rev 24764)
@@ -2,10 +2,10 @@
 	NOT-FOR-US: Bio Basespace SDK Ruby Gem
 CVE-2013-7110
 	- transifex-client <unfixed> (low)
+	[wheezy] - transifex-client <not-affected> (Incomplete patch was never released)
 	NOTE: fix for CVE-2013-2073 was incorrect/incomplete
 	NOTE: https://github.com/transifex/transifex-client/issues/42
 	NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
-	TODO: check
 CVE-2013-7083
 	RESERVED
 CVE-2013-7068
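Review bot: The parenthetical on the new [wheezy] line, "Incomplete patch was never released", does not say which patch or where it was never released, so the reason for <not-affected> has to be inferred from the NOTE below it. Consider wording it as something like "Incomplete fix for CVE-2013-2073 never shipped in wheezy". Since "TODO: check" is dropped in the same hunk, it would also help to confirm that the CVE-2013-2073 entry records wheezy's status for the original issue, because not being affected by the incomplete fix says nothing about that.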
@@ -76,7 +76,6 @@
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
-	TODO: check
 CVE-2013-7089 [dbg_printhex possible information leak]
 	- clamav 0.97.7+dfsg-1
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
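Review bot: Dropping "TODO: check" from CVE-2013-7026 leaves the entry with no trace of where the triage result went. The log message says the shm issue was added to kernel-sec, but this commit only touches data/CVE/list, and the entry still reads "- linux <unfixed>" with no NOTE. A one-line NOTE saying the issue is tracked in kernel-sec would tell the next reader that the missing TODO is deliberate and where to look for the status.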
@@ -135,7 +134,8 @@
 	NOT-FOR-US: Monitorix
 CVE-2013-7062 [XSS]
 	RESERVED
-	- zope2.12 <unfixed>
+	- zope2.12 <removed> (low)
+	[wheezy] - zope2.12 <no-dsa> (Minor issue)
 	- zope2.13 <not-affected> (Vulnerable code not present)
 CVE-2013-7061 [Privilege escalation through exposed underlying API]
 	RESERVED
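Review bot: The new "[wheezy] - zope2.12 <no-dsa> (Minor issue)" line gives no basis for the rating, and the entry is still RESERVED with only the bracketed "[XSS]" title, so nobody can check the decision from the list alone. Please add a NOTE with the upstream advisory or fix reference, or a short statement of what makes the XSS minor. The same reference would also back up the "(low)" urgency on the <removed> line for sid.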
@@ -17079,11 +17079,9 @@
 CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
 	- ffmpeg <removed>
 	- libav <undetermined>
-	NOTE: No related changes in libav git so far
-	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
+	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
 	NOTE: Needed in ffmpeg 0.5
-	NOTE: Unclear if this really affects libav due to different code
-	TODO: Find a testcase in form of a sample 
+	NOTE: Unclear if this really affects libav due to different code, need to find a test case in form of a sample 
 CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before ...)
 	- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
 	- libav <not-affected> (Code in libav is different, read_ttag)
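Review bot: Folding "TODO: Find a testcase in form of a sample" into the NOTE on the libav line removes the only TODO marker from CVE-2013-0848 while libav is still <undetermined>, so the open work item no longer shows up for anyone searching the list for TODO entries. I would keep the merged "Fix in ffmpeg:" NOTE but leave the test-case request as its own TODO line until libav's status is settled. The new NOTE line also carries over the trailing space after "sample".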



