[Secure-testing-commits] r21335 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Feb 19 11:16:22 UTC 2013
Author: jmm
Date: 2013-02-19 11:16:22 +0000 (Tue, 19 Feb 2013)
New Revision: 21335
Modified:
data/CVE/list
Log:
Ubuntu gnome-screensaver issue doesn't affect Debian
recent rails issues fixed in sid
xserver-xorg-video-qxl fixed
mark miniupnpd issues as unfixed, only in experimental, so can be checked once uploaded to sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-02-18 23:02:10 UTC (rev 21334)
+++ data/CVE/list 2013-02-19 11:16:22 UTC (rev 21335)
@@ -670,9 +670,9 @@
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the ...)
- - miniupnpd <undetermined>
+ - miniupnpd <unfixed>
CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP ...)
- - miniupnpd <undetermined>
+ - miniupnpd <unfixed>
CVE-2013-1460
RESERVED
CVE-2013-1459
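Review bot: the two miniupnpd entries under CVE-2013-1462 and CVE-2013-1461 go to <unfixed> with no NOTE saying why. The log message says the package is only in experimental and is to be re-checked once uploaded to sid, but that is not recorded in the list itself. Add a line such as "NOTE: only in experimental, re-check once uploaded to sid" under each entry so the status does not depend on the commit log.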
@@ -1568,6 +1568,7 @@
RESERVED
CVE-2013-1050
RESERVED
+ - gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
RESERVED
- cfingerd 1.4.3-3.1 (bug #700098)
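Review bot: CVE-2013-1050 gets a package line but stays a bare RESERVED entry with no bracketed description, unlike CVE-2013-1049 directly below it. Add a short description in square brackets on the CVE-2013-1050 line so a reader can tell which gnome-screensaver issue the "<not-affected> (Ubuntu-specific Unity patch)" status refers to.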
@@ -3619,19 +3620,16 @@
RESERVED
CVE-2013-0277 (Active Record in Ruby on Rails 3.x before 3.1.0 and 2.3.x before ...)
{DSA-2620-1}
- - ruby-activerecord-2.3 <unfixed>
+ - ruby-activerecord-2.3 2.3.14-5
- rails 2.3.14.1
- NOTE: According to advisory 3.1.0 and above are not affected, check?
NOTE: Starting with 2.3.14.1 rails is a transition package
- TODO: check and report to BTS
CVE-2013-0276 (ActiveRecord in Ruby on Rails 3.2.x before 3.2.12, 3.1.x before ...)
{DSA-2620-1}
- - ruby-activerecord-3.2 <unfixed>
- ruby-activemodel-3.2 3.2.6-3
- ruby-activerecord-2.3 2.3.14-5
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
- TODO: check and report to BTS
+ NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
CVE-2013-0275 [ganglia: XSS]
RESERVED
- ganglia <unfixed> (bug #700158)
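Review bot: under CVE-2013-0277 the NOTE asking whether 3.1.0 and above are not affected and the TODO are both removed without the result of that check being recorded; the entry now lists only ruby-activerecord-2.3 and rails. If the check confirmed the advisory, state it in the entry, for example with a <not-affected> line for the 3.2 package and the reason in parentheses, the way CVE-2013-0276 gets an explanatory NOTE for its removed ruby-activerecord-3.2 line.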
@@ -3753,9 +3751,9 @@
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
- - xserver-xorg-video-qxl <unfixed> (bug #699396)
+ - xserver-xorg-video-qxl 0.0.17-1 (bug #699396)
NOTE: http://seclists.org/oss-sec/2013/q1/204
- TODO: check
+ TODO: check, whether this affects Stable, does qemu-KVM in Stable enable SPICE?
CVE-2013-0240 [Does not check SSL certificates when creating Windows Live or Facebook accounts]
RESERVED
- gnome-online-accounts 3.4.2-2 (bug #699825)
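Review bot: the new TODO on CVE-2013-0241 leaves the stable status as a free-text question while the sid version is already set to 0.0.17-1. Once it is answered, record the result as a release-specific line in the form the eglibc entry above uses ("[squeeze] - eglibc <no-dsa> (Minor issue)") and drop the TODO. The comma after "check" in the TODO text can also go.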
@@ -3799,9 +3797,9 @@
- linux <unfixed>
- linux-2.6 <removed>
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the ...)
- - miniupnpd <undetermined>
+ - miniupnpd <unfixed>
CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in ...)
- - miniupnpd <undetermined>
+ - miniupnpd <unfixed>
CVE-2013-0228
RESERVED
- linux <unfixed>
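Review bot: the miniupnpd lines under CVE-2013-0230 and CVE-2013-0229 become <unfixed> without a bug reference, while other <unfixed> entries in this patch carry one (for example "- ganglia <unfixed> (bug #700158)"). If a BTS report exists or is filed for the experimental package, append its number to these lines so the fix can be tracked.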