[Secure-testing-commits] r21325 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Feb 18 16:52:49 UTC 2013


Author: jmm
Date: 2013-02-18 16:52:49 +0000 (Mon, 18 Feb 2013)
New Revision: 21325

Modified:
   data/CVE/list
Log:
several wireshark issues not in stable
connman, pigz, phpbb3, puppet, pyrad no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-18 16:49:14 UTC (rev 21324)
+++ data/CVE/list	2013-02-18 16:52:49 UTC (rev 21325)
@@ -351,32 +351,32 @@
 	- wireshark <unfixed>
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
 	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
-	TODO: check
 CVE-2013-1587 (The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c ...)
 	- wireshark <unfixed>
+	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
 	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
-	TODO: check
 CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark ...)
 	{DSA-2625-1}
 	- wireshark <unfixed>
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47000
-	TODO: check
 CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 ...)
 	- wireshark <unfixed>
+	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46678
-	TODO: check
 CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in ...)
 	- wireshark <unfixed>
+	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
 	TODO: check
 CVE-2013-1583 (The dissect_version_4_primary_header function in ...)
 	- wireshark <unfixed>
+	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
 	TODO: check
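Review bot: The CVE-2013-1584 and CVE-2013-1583 entries at the end of this hunk gain "[squeeze] - wireshark <not-affected> (Vulnerable code not present)" but keep their "TODO: check", while CVE-2013-1587 and CVE-2013-1585 get the same squeeze line and lose the TODO. If the check is finished for these two as well, drop the TODO; if something is still open, say what in a NOTE so the marker is not ambiguous. The first entry in the hunk also loses its TODO without gaining a squeeze line, so the diff does not show what the check concluded there.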
@@ -385,7 +385,6 @@
 	- wireshark <unfixed>
 	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
 	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
-	TODO: check
 CVE-2013-1571
 	RESERVED
 CVE-2013-1570
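Review bot: The "TODO: check" is dropped from this wireshark entry with no status line or NOTE added in its place, so the outcome of the check is not recorded. The log message says "several wireshark issues not in stable"; if this entry is one of them, add the "[squeeze] - wireshark <not-affected>" line as in the previous hunk, and if squeeze is affected, a short NOTE saying so would keep the triage decision traceable.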
@@ -2427,6 +2426,7 @@
 CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after ...)
 	- connman 1.0-1.1 (bug #697580)
 	[wheezy] - connman 1.0-1.1+wheezy1
+	[squeeze] - connman <no-dsa> (Minor issue)
 CVE-2012-6458
 	RESERVED
 CVE-2012-6457
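Review bot: Style point on the connman package line: the pigz, pyrad and phpbb3 entries in this commit get a "low;" urgency next to their "<no-dsa> (Minor issue)" line, but "- connman 1.0-1.1 (bug #697580)" is left without one. Consider "(low; bug #697580)" so the urgency and the no-dsa reason agree across the entries touched here.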
@@ -3569,12 +3569,14 @@
 	RESERVED
 CVE-2013-0296 [creates temp files with too wide permissions]
 	RESERVED
-	- pigz <unfixed> (bug #700608)
+	- pigz <unfixed> (low; bug #700608)
+	[squeeze] - pigz <no-dsa> (Minor issue)
 CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
 	RESERVED
 CVE-2013-0294 [potentially predictable password hashing]
 	RESERVED
-	- pyrad 2.0-2 (bug #700669)
+	- pyrad 2.0-2 (low; bug #700669)
+	[squeeze] - pyrad <no-dsa> (Minor issue)
 CVE-2013-0293
 	RESERVED
 CVE-2013-0292 [Local privilege escalation due improper filtering of message sender when NameOwnerChanged signal received]
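Review bot: CVE-2013-0295, sitting between the pigz and pyrad entries, still has only RESERVED and no package line, while CVE-2013-0294 directly below it gets "low;" and a squeeze no-dsa status. If CVE-2013-0295 belongs to the same pyrad bug, it needs its own "- pyrad ..." and "[squeeze] - pyrad <no-dsa>" lines, otherwise it will keep showing up as untriaged; if it belongs elsewhere, a package line or NOT-FOR-US would settle it.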
@@ -4600,9 +4602,9 @@
 CVE-2012-6120 [Directory /var/log/puppet is world readable]
 	RESERVED
 	- puppet 2.6.4-2
+	[squeeze] - puppet <no-dsa> (Minor issue)
 	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
 	NOTE: After starting puppetmaster permissions on directory are restricted
-	TODO: report bug for Squeeze?
 CVE-2012-6119
 	RESERVED
 	NOTE: Candlepin
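Review bot: On CVE-2012-6120, the removed "TODO: report bug for Squeeze?" is replaced by "[squeeze] - puppet <no-dsa> (Minor issue)", which answers the DSA question but leaves no bug reference for the world-readable /var/log/puppet in squeeze. Since the NOTE lines say the 0750 override comes from the unstable postinst and from starting puppetmaster, consider a NOTE stating whether a squeeze bug was filed or deliberately skipped, so a later point-release fix is not lost.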
@@ -33822,7 +33824,8 @@
 	NOT-FOR-US: Symantec LiveUpdate Administrator
 CVE-2011-0544
 	RESERVED
-	- phpbb3 3.0.7-PL1-5 (bug #612477)
+	- phpbb3 3.0.7-PL1-5 (low; bug #612477)
+	[squeeze] - phpbb3 <no-dsa> (Minor issue)
 CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...)
 	- fuse 2.8.5-1 (low; bug #624551)
 	[squeeze] - fuse <no-dsa> (Minor issue)



