[Secure-testing-commits] r22880 - in data: CVE DSA

Mon Jul 8 13:55:19 UTC 2013

Author: jmm
Date: 2013-07-08 13:55:19 +0000 (Mon, 08 Jul 2013)
New Revision: 22880

Modified:
   data/CVE/list
   data/DSA/list
Log:
file-roller not-affected in squeeze and wheezy
add some more CVE IDs, which were fixed with the recent icedove DSA
filed bug for libspoon-perl
no-dsa: mysql, libspoon-perl (seems upstream upstream and unmaintained inside pkg, maybe removal?)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2013-07-08 13:25:39 UTC (rev 22879)
+++ data/CVE/list	2013-07-08 13:55:19 UTC (rev 22880)
@@ -189,8 +189,9 @@
 CVE-2013-4668 [path sanitization errors]
 	RESERVED
 	- file-roller 3.8.3-1
-	TODO: check stable and oldstable
-	NOTE: https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
+	[squeeze] - file-roller <not-affected> (Doesn't use libarchive)
+	[wheezy] - file-roller <not-affected> (Doesn't use libarchive)
+	NOTE: http://www.ocert.org/advisories/ocert-2013-001.html
 CVE-2013-4667
 	RESERVED
 CVE-2013-4666
@@ -5916,7 +5917,9 @@
 CVE-2013-2162 [mysql insecure conffile creation]
 	RESERVED
 	- mysql-5.5 <unfixed> (low; bug #711600)
+	[wheezy] - mysql-5.5 <no-dsa> (Minor issue, can be included in a future DSA)
 	- mysql-5.1 <removed> (low)
+	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, can be included in a future DSA)
 CVE-2013-2161 [Unchecked user input in Swift XML responses]
 	RESERVED
 	- swift <unfixed> (bug #712202)
@@ -12559,7 +12562,9 @@
 	NOTE: https://review.typo3.org/16304
 CVE-2012-6143 [Storable::thaw called on untrusted inputs]
 	RESERVED
-	- libspoon-perl <unfixed>
+	- libspoon-perl <unfixed> (bug #715371; low)
+	[squeeze] - libspoon-perl <no-dsa> (Minor issue)
+	[wheezy] - libspoon-perl <no-dsa> (Minor issue)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
 CVE-2012-6142 [Storable::thaw called on untrusted inputs]
 	RESERVED

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2013-07-08 13:25:39 UTC (rev 22879)
+++ data/DSA/list	2013-07-08 13:55:19 UTC (rev 22880)
@@ -2,7 +2,7 @@
 	{CVE-2013-2070}
 	[wheezy] - nginx 1.2.1-2.2+wheezy1
 [06 Jul 2013] DSA-2720-1 icedove - several
-	{CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697}
+	{CVE-2013-0795 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697}
 	[wheezy] - icedove 17.0.7-1~deb7u1
 [05 Jul 2013] DSA-2719-1 poppler - multiple issues
 	{CVE-2013-1788 CVE-2013-1790}


