[Secure-testing-commits] r22531 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jun 7 13:48:51 UTC 2013
Author: jmm
Date: 2013-06-07 13:48:51 +0000 (Fri, 07 Jun 2013)
New Revision: 22531
Modified:
data/CVE/list
Log:
NFUs
libkdcraw / darktable not in oldstable, remove no-dsa for squeeze
new monkey issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-07 12:30:52 UTC (rev 22530)
+++ data/CVE/list 2013-06-07 13:48:51 UTC (rev 22531)
@@ -443,6 +443,7 @@
CVE-2013-3843
RESERVED
- monkey <removed>
+ [squeeze] - monkey <no-dsa> (Minor issue)
NOTE: http://bugs.monkey-project.com/ticket/182
CVE-2013-3919 (resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, ...)
- bind9 <not-affected> (vulnerable code not present)
@@ -4040,6 +4041,8 @@
RESERVED
CVE-2013-2159
RESERVED
+ - monkey <removed>
+ [squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2158
RESERVED
CVE-2013-2157
@@ -4152,8 +4155,6 @@
- libkdcraw <unfixed> (low; bug #711317)
- darktable <unfixed> (low; bug #711316)
[wheezy] - darktable <no-dsa> (minor issue)
- [squeeze] - darktable <no-dsa> (minor issue)
- [squeeze] - libkdcraw <no-dsa> (minor issue)
[wheezy] - libkdcraw <no-dsa> (minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
@@ -4335,17 +4336,14 @@
RESERVED
- xen <unfixed>
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
- TODO: check
CVE-2013-2077 [xen: Hypervisor crash due to missing exception recovery on XRSTOR]
RESERVED
- xen <unfixed>
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
- TODO: check
CVE-2013-2076 [xen: Information leak on XSAVE/XRSTOR capable AMD CPUs]
RESERVED
- xen <unfixed>
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
- TODO: check
CVE-2013-2075
RESERVED
- chicken <not-affected> (Incomplete fix was never applied)
@@ -7239,7 +7237,7 @@
CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly ...)
NOT-FOR-US: CoreMedia Playback
CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
@@ -7259,15 +7257,15 @@
CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 ...)
NOT-FOR-US: Apple iTunes
CVE-2013-1013 (XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1012 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
NOT-FOR-US: Apple iTunes
CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
NOT-FOR-US: Apple iTunes
CVE-2013-1009 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
NOT-FOR-US: Apple iTunes
CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
More information about the Secure-testing-commits
mailing list