[Secure-testing-commits] r22905 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jul 11 06:41:39 UTC 2013
Author: jmm
Date: 2013-07-11 06:41:39 +0000 (Thu, 11 Jul 2013)
New Revision: 22905
Modified:
data/CVE/list
Log:
xen fixed
ruby1.8 fixed
libraw fixed
cryptocat NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-11 01:39:09 UTC (rev 22904)
+++ data/CVE/list 2013-07-11 06:41:39 UTC (rev 22905)
@@ -1401,26 +1401,37 @@
RESERVED
CVE-2013-4110
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4109
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4108
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4107
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4106
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4105
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4104
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4103
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4102
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4101
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4100
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-4099
RESERVED
CVE-2013-4098 (ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote ...)
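Review bot: the eleven entries CVE-2013-4100 through CVE-2013-4110 are tagged NOT-FOR-US: Cryptocat while still RESERVED, and nothing in the file records where the assignment to Cryptocat comes from. A NOTE with the source of the assignment on at least the first entry would let a later reader verify the triage once descriptions are published; the same applies to the CVE-2013-2257 to CVE-2013-2262 block later in this patch.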
@@ -1511,7 +1522,7 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
CVE-2013-4073 [Hostname check bypassing vulnerability in SSL client]
RESERVED
- - ruby1.8 <unfixed> (bug #714541)
+ - ruby1.8 1.8.7.358-7.1 (bug #714541)
- ruby1.9.1 <unfixed> (bug #714543)
NOTE: http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
NOTE: https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 (1.9.3)
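Review bot: ruby1.8 is marked fixed in 1.8.7.358-7.1, but the only upstream commit referenced in this entry is labelled "(1.9.3)", so there is no pointer to the change that actually went into the 1.8 package. Suggest adding a NOTE for the 1.8 backport so the fixed version can be checked against it.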
@@ -5670,16 +5681,22 @@
NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2261
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2260
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2259
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2258
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2257
RESERVED
+ NOT-FOR-US: Cryptocat
CVE-2013-2256
RESERVED
CVE-2013-2255
@@ -5748,7 +5765,7 @@
RESERVED
CVE-2013-2230
RESERVED
- - libvirt <unfixed>
+ - libvirt <unfixed> (bug #715559)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
[jessie] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
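Review bot: style point on the lines adjacent to the changed one: the three release annotations read "Vulnerable code introduced in with commit abf75aea". Since this entry is being touched for the bug reference anyway, fix the wording to "introduced with commit abf75aea" in the same commit.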
@@ -6107,14 +6124,14 @@
NOTE: https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae
CVE-2013-2127 [libraw: buffer overflow]
RESERVED
- - libraw <not-affected> (Only affects 0.15)
+ - libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental)
- libkdcraw <not-affected> (embeds libraw 0.14)
- darktable <not-affected> (embeds libraw 0.14)
NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
CVE-2013-2126 [libraw: double-free]
RESERVED
- - libraw <unfixed> (low; bug #710353)
+ - libraw 0.15.3-1 (low; bug #710353)
[wheezy] - libraw <no-dsa> (Not suitable for code injection, minor issue)
[squeeze] - libraw <not-affected> (Vulnerable code not present)
- libkdcraw 4:4.8.4-2 (low; bug #711317)
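Review bot: the two libraw changes in this hunk do not sit well together. CVE-2013-2127 stays <not-affected> on the grounds that it "Only affects 0.15, 0.15 was only in experimental", while CVE-2013-2126 is closed with 0.15.3-1, which is itself a 0.15 version. If 0.15.3-1 is the upload that brings 0.15 out of experimental, CVE-2013-2127 would be tracked more accurately with a fixed version than with <not-affected>; please confirm that 0.15.3-1 contains the referenced LibRaw commit 2f912f5b and record that in the entry.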
@@ -6313,15 +6330,15 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
CVE-2013-2078 [xen: Hypervisor crash due to missing exception recovery on XSETBV]
RESERVED
- - xen <unfixed>
+ - xen 4.2.2-1
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 [xen: Hypervisor crash due to missing exception recovery on XRSTOR]
RESERVED
- - xen <unfixed>
+ - xen 4.2.2-1
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 [xen: Information leak on XSAVE/XRSTOR capable AMD CPUs]
RESERVED
- - xen <unfixed>
+ - xen 4.2.2-1
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075
RESERVED
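Review bot: CVE-2013-2078, CVE-2013-2077 and CVE-2013-2076 move from <unfixed> to 4.2.2-1, but none of the three entries has a [squeeze] or [wheezy] line, unlike CVE-2013-2072 in the next hunk, which carries explicit <no-dsa> tags. Two hypervisor crashes and an information leak should have their stable status stated per release rather than left implicit.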
@@ -6339,7 +6356,7 @@
NOTE: http://seclists.org/oss-sec/2013/q2/394
CVE-2013-2072
RESERVED
- - xen <unfixed> (low)
+ - xen 4.2.2-1 (low)
[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
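Review bot: CVE-2013-2072 is closed with 4.2.2-1 although the entry has neither a bracketed title nor a NOTE, so the fixed version cannot be checked against any reference. Suggest adding a short description and a link to the advisory, as the neighbouring xen entries have.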