[Secure-testing-commits] r22599 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jun 14 08:15:27 UTC 2013


Author: jmm
Date: 2013-06-14 08:15:27 +0000 (Fri, 14 Jun 2013)
New Revision: 22599

Modified:
   data/CVE/list
Log:
don't use <unfixed> for squeeze and wheezy suites: always implicitly unfixed
remove some <not-affected> entries for wireshark in squeeze; 1.6 is the oldest supported branch, but 
   that doesn't mean that 1.2 isn't affected
some wireshark issues unimportant
NFU


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-14 06:39:08 UTC (rev 22598)
+++ data/CVE/list	2013-06-14 08:15:27 UTC (rev 22599)
@@ -1043,56 +1043,45 @@
 	RESERVED
 CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
-	[squeeze] - wireshark <not-affected> (Only affects 1.6+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
 CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
 CVE-2013-4081 (The http_payload_subdissector function in ...)
-	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
-	[squeeze] - wireshark <not-affected> (Only affects 1.6+)
+	- wireshark <unfixed> (unimportant; bug #711918)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
+	NOTE: Not suitable for code injection
 CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
 CVE-2013-4079 (The dissect_schedule_message function in ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
 CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
 CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
 CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
 CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
 CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...)
 	- wireshark <unfixed> (bug #711918)
-	[wheezy] - wireshark <unfixed> (bug #711918)
-	[squeeze] - wireshark <not-affected> (Only affects 1.6+)
+	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
 CVE-2013-4073
 	RESERVED
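Review bot: On CVE-2013-4081, the added "NOTE: Not suitable for code injection" says what the bug cannot do but not what it does, so the entry alone does not explain the "unimportant" tag; consider stating the actual impact and the reason it qualifies as unimportant in that note. Related, CVE-2013-4083 and CVE-2013-4081 drop their squeeze "<not-affected> (Only affects 1.6+)" lines with nothing in their place, which makes squeeze implicitly unfixed. A NOTE or TODO saying that 1.2 has not been checked yet would keep the entry from reading as a confirmed finding, the way CVE-2013-4074 now records "Vulnerable code not present" for the case that was verified.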
@@ -2669,7 +2658,7 @@
 CVE-2013-3344
 	RESERVED
 CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash
 CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
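Review bot: Style point on the CVE-2013-3343 line: the tag reads "NOT-FOR-US: Adobe Flash" while the description names the product as "Adobe Flash Player". It is worth checking that this matches the string used for the other Flash Player entries in the list, so that a search by product name finds all of them.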
@@ -5332,8 +5321,6 @@
 CVE-2013-2178 [fail2ban remote denial of service]
 	RESERVED
 	- fail2ban 0.8.10-1
-	[wheezy] - fail2ban <unfixed>
-	[squeeze] - fail2ban <unfixed>
 CVE-2013-2177
 	RESERVED
 CVE-2013-2176
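Review bot: With the two suite lines gone, the CVE-2013-2178 entry has only "- fail2ban 0.8.10-1" and carries no bug number or NOTE pointing at the fix, so whoever looks at squeeze and wheezy later has no reference to start from. Dropping the explicit <unfixed> lines matches the log message, but a NOTE with the upstream fix or a Debian bug reference would be useful here.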
@@ -5357,7 +5344,7 @@
 	RESERVED
 	{DSA-2707-1}
 	- dbus 1.6.12-1
-	[squeeze] - dbus <not-affected>
+	[squeeze] - dbus <not-affected> (Introduced in 1.4.16)
 CVE-2013-2167
 	RESERVED
 CVE-2013-2166
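Review bot: The new reason on the squeeze dbus line, "(Introduced in 1.4.16)", gives the version where the bug appeared but no source for it, and the reader has to look up the squeeze dbus version separately to confirm it is older. Consider adding a NOTE with the upstream commit or report that establishes 1.4.16 as the introducing version.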



