[Secure-testing-commits] r22978 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Jul 17 13:59:53 UTC 2013
Author: jmm
Date: 2013-07-17 13:59:53 +0000 (Wed, 17 Jul 2013)
New Revision: 22978
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
- remove <unfixed> entries for suites, not needed and causing problems later
- remove <no-dsa> for mysql issue, will be fixed whe updating to 5.5.32
- add mysql5.5 to dsa-needed, 5.1 still neededx
- update mysql status for issue not affecting 5.1 or 5.5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-17 13:42:41 UTC (rev 22977)
+++ data/CVE/list 2013-07-17 13:59:53 UTC (rev 22978)
@@ -1571,8 +1571,6 @@
NOTE: update checks are disabled in Debian by default, see debian/patches/check-for-new-version.patch
CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...)
- php5 <unfixed> (bug #717139)
- [wheezy] - php5 <unfixed> (bug #717139)
- [squeeze] - php5 <unfixed> (bug #717139)
CVE-2013-4112
RESERVED
- libjgroups-java <unfixed>
@@ -2229,57 +2227,48 @@
CVE-2013-3812
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3811
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3810
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3809
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3808
RESERVED
- mysql-5.5 <unfixed>
- mysql-5.1 <removed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3807
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3806
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3805
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3804
RESERVED
- mysql-5.5 <unfixed>
- mysql-5.1 <removed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3803
RESERVED
CVE-2013-3802
@@ -2287,49 +2276,42 @@
- mysql-5.5 <unfixed>
- mysql-5.1 <removed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3801
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3800
RESERVED
CVE-2013-3799
RESERVED
CVE-2013-3798
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3797
RESERVED
CVE-2013-3796
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects Mysql 5.6)
+ - mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3795
RESERVED
- - mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.5 <not-affected> (Only affects 5.5 and 5.6)
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3794
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3793
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3792 [virtio-net host DoS]
RESERVED
- virtualbox-ose <removed>
@@ -2354,9 +2336,8 @@
CVE-2013-3783
RESERVED
- mysql-5.5 <unfixed>
- - mysql-5.1 <removed>
+ - mysql-5.1 <not-affected> (Only affects 5.5)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- TODO: check
CVE-2013-3782
RESERVED
CVE-2013-3781
@@ -2563,7 +2544,7 @@
CVE-2013-3693
RESERVED
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
- TODO: check
+ NOT-FOR-US: Blackberry OS
CVE-2013-3691
RESERVED
CVE-2013-3690
@@ -2676,7 +2657,7 @@
CVE-2013-3656
RESERVED
CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 ...)
- TODO: check
+ NOT-FOR-US: Sharp AQUOS PhotoPlayer
CVE-2013-3654 (Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through ...)
NOT-FOR-US: EC-CUBE
CVE-2013-3653 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -3163,7 +3144,7 @@
CVE-2013-3429
RESERVED
CVE-2013-3428 (The web interface in Cisco Secure Access Control System (ACS) does not ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3427
RESERVED
CVE-2013-3426
@@ -3173,7 +3154,7 @@
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and ...)
TODO: check
CVE-2013-3423 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3422 (Cross-site scripting (XSS) vulnerability in Administration pages in ...)
TODO: check
CVE-2013-3421 (Cross-site scripting (XSS) vulnerability in the Help index page in ...)
@@ -7373,7 +7354,6 @@
NOTE: Such injection issues are not treated as security issues
CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...)
- mysql-5.5 <unfixed> (low; bug #706715)
- [wheezy] - mysql-5.5 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.5.x)
- mysql-5.1 <removed> (low; bug #706715)
NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-07-17 13:42:41 UTC (rev 22977)
+++ data/dsa-needed.txt 2013-07-17 13:59:53 UTC (rev 22978)
@@ -49,6 +49,8 @@
--
mysql-5.1/oldstable
--
+mysql-5.5/stable
+--
openjdk-6 (jmm)
--
openswan
More information about the Secure-testing-commits
mailing list