[Secure-testing-commits] r22674 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jun 18 19:55:04 UTC 2013
Author: jmm
Date: 2013-06-18 19:55:03 +0000 (Tue, 18 Jun 2013)
New Revision: 22674
Modified:
data/CVE/list
Log:
movabletype no-dsa
no-dsa for squeeze: automysqlbackup, mahara, axis, boinc
disputed dokuwiki issue unimportant
update status of one ffmpeg entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-18 19:50:06 UTC (rev 22673)
+++ data/CVE/list 2013-06-18 19:55:03 UTC (rev 22674)
@@ -1940,9 +1940,8 @@
CVE-2013-3676
RESERVED
CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...)
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
- - libav <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
+ - libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
- ffmpeg <removed>
@@ -5385,6 +5384,8 @@
CVE-2013-2184
RESERVED
- movabletype-opensource <unfixed> (bug #712602)
+ [squeeze] - movabletype-opensource <no-dsa> (Minor issue)
+ [wheezy] - movabletype-opensource <no-dsa> (Minor issue)
CVE-2013-2183
RESERVED
- monkey <removed> (low)
@@ -5994,7 +5995,8 @@
- clamav 0.97.8+dfsg-1
CVE-2013-2019 [stack overflow vulnerabilities in the XML parser]
RESERVED
- - boinc 6.13.6+dfsg-1
+ - boinc 6.13.6+dfsg-1 (low)
+ [squeeze] - boinc <no-dsa> (Minor issue)
NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
CVE-2013-2018 [SQL injections in the server-side scheduler code]
RESERVED
@@ -13265,7 +13267,8 @@
NOT-FOR-US: Axis2/Java
NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
- - axis 1.4-16.1 (bug #692650)
+ - axis 1.4-16.1 (low; bug #692650)
+ [squeeze] - axis <no-dsa> (Minor issue)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
- commons-httpclient 3.1-10.1 (bug #692442)
[squeeze] - commons-httpclient <no-dsa> (Minor issue)
@@ -23024,7 +23027,7 @@
[squeeze] - dokuwiki <not-affected>
NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128 (** DISPUTED ** ...)
- - dokuwiki 0.0.20120125a-1
+ - dokuwiki 0.0.20120125a-1 (unimportant)
NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
- linux-2.6 3.2-1
@@ -31033,7 +31036,8 @@
- libcap2 1:2.22-1 (low)
[squeeze] - libcap2 <no-dsa> (Minor issue)
CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux ...)
- - linux-2.6 3.2.1-1
+ - linux 3.2.1-1
+ - linux-2.6 <removed>
CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the ...)
- linux-2.6 3.0.0-6
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
@@ -32513,7 +32517,8 @@
RESERVED
CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)]
RESERVED
- - mahara <unfixed> (bug #699230)
+ - mahara <unfixed> (low; bug #699230)
+ [squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
CVE-2011-3641
RESERVED
More information about the Secure-testing-commits
mailing list