[Secure-testing-commits] r21467 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Mar 1 16:55:45 UTC 2013
Author: jmm
Date: 2013-03-01 16:55:45 +0000 (Fri, 01 Mar 2013)
New Revision: 21467
Modified:
data/CVE/list
Log:
no-dsa: libssh, libproxy, util-linux, busybox
new maven issue
keystone CVE dupe
packagekit issue doesn't affect Debian
varnish/tomcat not affected by world-readable log file issue
remove webkit entry, it's not tracked security-wise and singling out isolated issues is confusing
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-01 11:59:21 UTC (rev 21466)
+++ data/CVE/list 2013-03-01 16:55:45 UTC (rev 21467)
@@ -1,5 +1,6 @@
CVE-2013-XXXX [busybox insecure subdir creation under /dev]
- busybox <unfixed> (low; bug #701965)
+ [squeeze] - busybox <no-dsa> (Minor issue)
CVE-2013-2271
RESERVED
CVE-2013-2270
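Review bot: The busybox entry gets a no-dsa line for squeeze only, while the unstable line stays <unfixed>, so wheezy is left open. The util-linux hunk in this same commit adds "[wheezy] - util-linux <no-dsa> (Minor issue)" for an issue that is also rated low. If the same reasoning applies to busybox, add the matching [wheezy] line here, otherwise a short NOTE saying why wheezy is treated differently would help.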
@@ -8,9 +9,7 @@
RESERVED
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
- chromium-browser 25.0.1364.97-1
- - webkit <unfixed>
[squeeze] - chromium-browser <not-affected> (Vulnerable code not present)
- [squeeze] - webkit <not-affected> (Vulnerable code not present)
NOTE: MathML added in chromium 24.x, disabled again in 25.x
CVE-2012-6534
RESERVED
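Review bot: With both webkit lines deleted from CVE-2013-2268, the entry no longer records that webkit was left out on purpose. The reason lives only in the commit log. A NOTE under the entry stating that webkit is not tracked security-wise would keep a later editor from re-adding "- webkit <unfixed>" when they see the WebKit description.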
@@ -1057,6 +1056,7 @@
RESERVED
CVE-2013-1764
RESERVED
+ - packagekit <not-affected> (Zypp backend specific to SuSE)
CVE-2013-1763 [out-of-bounds access of the sock_diag_handlers[] array]
RESERVED
- linux <not-affected> (Introduced in 3.3)
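Review bot: The reason on the new packagekit line, "(Zypp backend specific to SuSE)", says who the backend was written for, not whether the Debian package builds or ships it. State that directly in the parenthesised reason if it is what was checked. The entry is also still RESERVED with no bracketed title, unlike CVE-2013-1763 just below, so a reader cannot tell which packagekit issue this is.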
@@ -4626,13 +4626,10 @@
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/02/22/16
CVE-2013-0346 [tomcat world-readable logdir]
RESERVED
- TODO: check
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/02/22/15
+ - tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)
CVE-2013-0345 [varnish world-readable logdir]
RESERVED
- - varnish <unfixed>
- TODO: check if varnish is affected
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/02/22/14
+ - varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
RESERVED
CVE-2013-0343
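Review bot: The not-affected reasons on the tomcat6 and varnish lines cite file ownership ("owned by tomcat:tomcat", "owned by varnishlog:varnishlog"), but both entries are titled "world-readable logdir", which is a question of the permission bits for other users and not of the owner. The reason should state the mode that was verified on the log directory and files. This hunk also deletes the oss-security CVE request NOTE lines, which are the only references visible for these two RESERVED entries.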
@@ -4874,9 +4871,9 @@
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=65
-CVE-2013-0270 [Large HTTP request DoS]
+CVE-2013-0270
RESERVED
- - keystone <unfixed> (bug #700240)
+ NOTE: Duplicate of CVE-2013-0247, see bug #700240
NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
CVE-2013-0269 (The JSON gem 1.7.x before 1.7.7, 1.6.x before 1.6.8, and 1.5.x before ...)
- ruby-json 1.7.3-3 (bug #700436)
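Review bot: On CVE-2013-0270 the only package line, "- keystone <unfixed> (bug #700240)", is removed and replaced by a NOTE pointing at CVE-2013-0247, which this diff does not touch. Please confirm that CVE-2013-0247 already carries the keystone line with bug #700240, so the open bug stays tracked after this change. The remaining launchpad NOTE would also be more useful under that entry than under the duplicate.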
@@ -4929,6 +4926,7 @@
- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
CVE-2013-0253
RESERVED
+ - maven <unfixed> (bug #701991)
CVE-2013-0252 [boost utf-8 validation issues]
RESERVED
- boost1.50 <unfixed> (bug #699650)
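Review bot: The new "- maven <unfixed> (bug #701991)" line sits under a RESERVED CVE-2013-0253 that has no bracketed description and no NOTE, so the only way to learn what the issue is leads through the bug report. Add a short title in brackets after the CVE id, as the neighbouring CVE-2013-0252 entry has.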
@@ -5197,7 +5195,8 @@
RESERVED
NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
- - libssh 0.5.4-1 (bug #698963)
+ - libssh 0.5.4-1 (low; bug #698963)
+ [squeeze] - libssh <no-dsa> (Minor issue)
NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
CVE-2013-0175
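Review bot: Style point on the changed libssh line: it is written "(low; bug #698963)", while the util-linux and rails lines visible in this diff put the bug first, as in "(bug #697464; low)". Both orders already occur in the file (busybox uses urgency first), so this is not wrong, but picking one order for lines touched in the same commit keeps the list easier to grep.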
@@ -5268,7 +5267,7 @@
RESERVED
- util-linux <unfixed> (bug #697464; low)
[squeeze] - util-linux <no-dsa> (Minor issue)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/06/1
+ [wheezy] - util-linux <no-dsa> (Minor issue)
CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before ...)
{DSA-2604-1}
- rails 2.3.14.1 (bug #697722; high)
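Review bot: Adding the [wheezy] no-dsa line for util-linux also deletes the "NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/06/1" line, and the commit log does not mention dropping references. The entry is still RESERVED and <unfixed>, so that NOTE is the only pointer to the issue visible here. Keep it and place the [wheezy] line above it.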
@@ -7546,7 +7545,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 [libproxy: format string issue]
RESERVED
- - libproxy 0.3.1-4
+ - libproxy 0.3.1-4 (low)
+ [squeeze] - libproxy <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
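Review bot: CVE-2012-5580 is titled "format string issue", and the new lines rate it "(low)" and "<no-dsa> (Minor issue)" without saying why. For a bug class that is often rated higher, the generic "Minor issue" text is not enough for someone auditing squeeze later. Put the actual reason in the parentheses or in a NOTE next to the existing bugzilla and upstream references.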