[Secure-testing-commits] r21335 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Feb 19 11:16:22 UTC 2013


Author: jmm
Date: 2013-02-19 11:16:22 +0000 (Tue, 19 Feb 2013)
New Revision: 21335

Modified:
   data/CVE/list
Log:
Ubuntu gnome-screensaver issue doesn't affect Debian
recent rails issues fixed in sid
xserver-xorg-video-qxl fixed
mark miniupnpd issues as unfixed, only in experimental, so can be checked once uploaded to sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-18 23:02:10 UTC (rev 21334)
+++ data/CVE/list	2013-02-19 11:16:22 UTC (rev 21335)
@@ -670,9 +670,9 @@
 CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the ...)
-	- miniupnpd <undetermined>
+	- miniupnpd <unfixed>
 CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP ...)
-	- miniupnpd <undetermined>
+	- miniupnpd <unfixed>
 CVE-2013-1460
 	RESERVED
 CVE-2013-1459
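Review bot: The two miniupnpd lines under CVE-2013-1462 and CVE-2013-1461 move to <unfixed> without recording the condition stated in the commit log, that the package is only in experimental and is to be rechecked once it is uploaded to sid. A tracker reader sees only "<unfixed>" and has no way to tell that a follow-up check is pending. Consider adding a NOTE or TODO line under each entry, for example "TODO: only in experimental, recheck once uploaded to sid", in the same way the file uses TODO lines elsewhere in this patch.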
@@ -1568,6 +1568,7 @@
 	RESERVED
 CVE-2013-1050
 	RESERVED
+	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
 CVE-2013-1049 [remotely-exploitable buffer overflow in cfingerd's rfc1413 (ident) client]
 	RESERVED
 	- cfingerd 1.4.3-3.1 (bug #700098)
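Review bot: The new "- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)" line under CVE-2013-1050 is the only information the entry carries, since the CVE is still RESERVED and has no description. Nothing in the entry lets a later reader verify that the affected code exists only in the Ubuntu patch. A NOTE line with a link to the advisory or bug the assessment is based on, as other entries in this file do with their "NOTE: http://..." lines, would make the not-affected decision auditable.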
@@ -3619,19 +3620,16 @@
 	RESERVED
 CVE-2013-0277 (Active Record in Ruby on Rails 3.x before 3.1.0 and 2.3.x before ...)
 	{DSA-2620-1}
-	- ruby-activerecord-2.3 <unfixed>
+	- ruby-activerecord-2.3 2.3.14-5
 	- rails 2.3.14.1
-	NOTE: According to advisory 3.1.0 and above are not affected, check?
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check and report to BTS
 CVE-2013-0276 (ActiveRecord in Ruby on Rails 3.2.x before 3.2.12, 3.1.x before ...)
 	{DSA-2620-1}
-	- ruby-activerecord-3.2 <unfixed>
 	- ruby-activemodel-3.2 3.2.6-3
 	- ruby-activerecord-2.3 2.3.14-5
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check and report to BTS 
+	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
 CVE-2013-0275 [ganglia: XSS]
 	RESERVED
 	- ganglia <unfixed> (bug #700158)
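Review bot: Under CVE-2013-0277 the line "NOTE: According to advisory 3.1.0 and above are not affected, check?" is removed together with the TODO, but nothing replaces it, so the entry no longer says why there is no ruby-activerecord-3.2 or ruby-activemodel-3.2 line. If the check confirmed the advisory, record the result explicitly, either as a NOTE without the question mark or as a <not-affected> line for the 3.2 package with the reason in parentheses. The CVE-2013-0276 entry handles the equivalent case well with its new NOTE explaining that the 3.2 fix is in ruby-activemodel-3.2; the same level of explanation would help here.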
@@ -3753,9 +3751,9 @@
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q1/202
 CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
-	- xserver-xorg-video-qxl <unfixed> (bug #699396) 
+	- xserver-xorg-video-qxl 0.0.17-1 (bug #699396) 
 	NOTE: http://seclists.org/oss-sec/2013/q1/204
-	TODO: check
+	TODO: check, whether this affects Stable, does qemu-KVM in Stable enable SPICE?
 CVE-2013-0240 [Does not check SSL certificates when creating Windows Live or Facebook accounts]
 	RESERVED
 	- gnome-online-accounts 3.4.2-2 (bug #699825)
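Review bot: The rewritten TODO under CVE-2013-0241 packs two questions into one comma-spliced line ("check, whether this affects Stable, does qemu-KVM in Stable enable SPICE?"), which makes it unclear what closes the item. Suggest phrasing it as a single question, for example "TODO: check whether this affects stable (does qemu-kvm in stable enable SPICE?)", and once answered replacing it with a per-release status line in the form the file already uses, as in "[squeeze] - eglibc <no-dsa> (Minor issue)" just above. The changed xserver-xorg-video-qxl line also keeps the trailing space after "(bug #699396)", while the same patch drops a trailing space in the Rails hunk; trimming it here would be consistent.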
@@ -3799,9 +3797,9 @@
 	- linux <unfixed>
 	- linux-2.6 <removed>
 CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the ...)
-	- miniupnpd <undetermined>
+	- miniupnpd <unfixed>
 CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in ...)
-	- miniupnpd <undetermined>
+	- miniupnpd <unfixed>
 CVE-2013-0228
 	RESERVED
 	- linux <unfixed>
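Review bot: The miniupnpd lines under CVE-2013-0230 and CVE-2013-0229 are set to <unfixed> with no bug reference, unlike other unfixed entries visible in this patch such as "- ganglia <unfixed> (bug #700158)". Without a bug number the maintainer has no tracked report to close against, and the tracker cannot link the fix when it lands. Consider filing a bug covering the four miniupnpd CVEs touched by this commit and appending its number to each line.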



