[Secure-testing-commits] r21500 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Mar 4 09:45:33 UTC 2013 

Author: jmm
Date: 2013-03-04 09:45:33 +0000 (Mon, 04 Mar 2013)
New Revision: 21500

Modified:
   data/CVE/list
Log:
ruby-openid bugnum
new ruby-passenger issue
new libav issues
filed bug for php


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-04 09:14:24 UTC (rev 21499)
+++ data/CVE/list	2013-03-04 09:45:33 UTC (rev 21500)
@@ -31,9 +31,11 @@
 CVE-2013-2278
 	RESERVED
 CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
-	TODO: check
+	- ffmpeg <removed>
+	- libav <unfixed>
 CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
-	TODO: check
+	- ffmpeg <removed>
+	- libav <unfixed>
 CVE-2013-2275
 	RESERVED
 CVE-2013-2274
@@ -968,7 +970,7 @@
 	[squeeze] - busybox <no-dsa> (Minor issue)
 CVE-2013-1812
 	RESERVED
-	- ruby-openid <unfixed>
+	- ruby-openid <unfixed> (bug #702217)
 	- libopenid-ruby <removed>
 CVE-2013-1811 [Reporter can change issue status to 'new']
 	RESERVED
@@ -1104,7 +1106,6 @@
 CVE-2013-1766 [libvirtd changes permissions of devices to libvirt-qemu:kvm]
 	RESERVED
 	- libvirt <unfixed> (bug #701649)
-	TODO: check if versions other than experimental are affected
 CVE-2013-1765
 	RESERVED
 CVE-2013-1764
@@ -1390,9 +1391,8 @@
 	RESERVED
 CVE-2013-1643
 	RESERVED
-	- php5 <unfixed>
+	- php5 <unfixed> (bug #702221)
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
-	TODO: check
 CVE-2013-1642
 	RESERVED
 CVE-2013-1641
@@ -1409,9 +1409,9 @@
 	RESERVED
 CVE-2013-1635
 	RESERVED
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant; bug #702221)
+	NOTE: open_basedir not supported
 	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
-	TODO: check
 CVE-2013-1634
 	RESERVED
 CVE-2013-1633
@@ -5834,6 +5834,7 @@
 	RESERVED
 CVE-2012-6135
 	RESERVED
+	- ruby-passenger (low; bug #702219)
 CVE-2012-6134
 	RESERVED
 	NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: http://osdir.com/ml/debian-mentors/2011-08/msg00662.html

More information about the Secure-testing-commits mailing list