[Secure-testing-commits] r21586 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Mar 12 11:26:42 UTC 2013 

Author: jmm
Date: 2013-03-12 11:26:42 +0000 (Tue, 12 Mar 2013)
New Revision: 21586

Modified:
   data/CVE/list
Log:
ruby-openid no-dsa
NFUs
new qpid-cpp issue
one firebird issue doesn't affect 2.1
new kernel issue
two unspecified java issues from CanSecWest


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-12 07:34:30 UTC (rev 21585)
+++ data/CVE/list	2013-03-12 11:26:42 UTC (rev 21586)
@@ -146,7 +146,6 @@
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
 	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
-	TODO: squeeze version 1.2.x affected also?
 CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
 	- wireshark <unfixed> (unimportant)
 	[squeeze] - wireshark <not-affected> (only 1.8.x series)
@@ -1576,7 +1575,8 @@
 CVE-2013-1812
 	RESERVED
 	- ruby-openid 2.1.8debian-6 (bug #702217)
-	- libopenid-ruby <removed>
+	- libopenid-ruby <removed> (bug #702217)
+	[squeeze] - libopenid-ruby <no-dsa> (Minor issue)
 CVE-2013-1811 [Reporter can change issue status to 'new']
 	RESERVED
 	- mantis <unfixed> (low; bug #698481)
@@ -3633,6 +3633,8 @@
 	RESERVED
 CVE-2013-0914
 	RESERVED
+	- linux <unfixed>
+	- linux-2.6 <removed>
 CVE-2013-0913
 	RESERVED
 CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers ...)
@@ -5174,9 +5176,11 @@
 CVE-2013-0403
 	RESERVED
 CVE-2013-0402 (Heap-based buffer overflow in Oracle Java 7 Update 17, and possibly ...)
-	TODO: check
+	- openjdk-7 <undetermined>
+	NOTE: No details currently known
 CVE-2013-0401 (Oracle Java 7 Update 17, and possibly other versions, allows remote ...)
-	TODO: check
+	- openjdk-7 <undetermined>
+	NOTE: No details currently known
 CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
 	NOT-FOR-US: Solaris
 CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
@@ -5401,8 +5405,10 @@
 	- drupal6 <not-affected> (Only affects Drupal 7)
 CVE-2013-0315
 	RESERVED
+	NOT-FOR-US: GateIn Portal
 CVE-2013-0314
 	RESERVED
+	NOT-FOR-US: GateIn Portal
 CVE-2013-0313 (The evm_update_evmxattr function in ...)
 	- linux <unfixed>
 	- linux-2.6 <not-affected> (Vulnerable code not present)
@@ -8362,6 +8368,7 @@
 CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
 	- firebird2.5 <unfixed> (low; bug #693210)
 	[squeeze] - firebird2.5 <no-dsa> (Minor issue)
+	- firebird2.1 <not-affected> (Only affects 2.5.x)
 CVE-2012-5528
 	RESERVED
 CVE-2012-5527
@@ -11354,6 +11361,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
 CVE-2012-4446
 	RESERVED
+	- qpid-cpp <unfixed>
 CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
 	{DSA-2557-1}
 	- hostapd <removed>

More information about the Secure-testing-commits mailing list