[Secure-testing-commits] r21700 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Mar 21 15:44:00 UTC 2013
Author: jmm
Date: 2013-03-21 15:43:59 +0000 (Thu, 21 Mar 2013)
New Revision: 21700
Modified:
data/CVE/list
Log:
one chrome issue specific to chrome, doesn't affect libav
another chrome issue affects ffmpeg-mt, which might affect libav
generic protocol issue in RC4
chicken no-dsa
one rails issue doesn't affect stable
new kernel issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-21 05:57:34 UTC (rev 21699)
+++ data/CVE/list 2013-03-21 15:43:59 UTC (rev 21700)
@@ -135,7 +135,7 @@
CVE-2013-2567
RESERVED
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has ...)
- TODO: check
+ NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
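Review bot: the CVE-2013-2566 entry is left with a single NOTE and no package line, so the result of the triage is not recorded anywhere in the entry itself. "Generic protocol flaw in RC4" names the cause but does not say whether any TLS/SSL implementation in the archive is being tracked for it. Suggest a second NOTE stating why no per-package status is listed, so the removed "TODO: check" is visibly resolved rather than just dropped.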
@@ -1667,15 +1667,14 @@
NOTE: http://osvdb.org/91450
CVE-2013-1874 [Chicken Scheme: code execution]
RESERVED
- - chicken <unfixed>
+ - chicken <unfixed> (low; bug #702410)
+ [squeeze] - chicken <no-dsa> (Minor issue)
+ [wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
- TODO: check
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
RESERVED
- NOTE: http://git.kernel.org/linus/29cd8ae0e1a39e239a3a7b67da1986add1199fc0
- NOTE: http://git.kernel.org/linus/84d73cd3fb142bf1298a8c13fd4ca50fd2432372
- NOTE: http://git.kernel.org/linus/c085c49920b2f900ba716b4ca1c1a55ece9872cc
- TODO: check
+ - linux <unfixed>
+ - linux-2.6 <removed>
CVE-2013-1872
RESERVED
CVE-2013-1871
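Review bot: in the CVE-2013-1873 entry the three NOTE lines pointing at git.kernel.org/linus commits are deleted when the package lines are added, which removes the only upstream references from an entry that is still marked "linux <unfixed>". Whoever later has to fill in a fixed version will need those commits, so keep the NOTE lines below the new "- linux" and "- linux-2.6" lines. Separately, the CVE-2013-1874 entry is titled "code execution" but is set to "low" and "<no-dsa> (Minor issue)" with no stated reason; a short NOTE with the rationale would make that call checkable.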
@@ -9610,12 +9609,12 @@
TODO: re-check uploads newer than 3.8.9.20
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
- chromium-browser 24.0.1312.68-1
- TODO: Might affect ffmpeg/libav
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote ...)
- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- TODO: Might affect ffmpeg/libav
+ - ffmpeg <removed>
+ - libav <unfixed>
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
- chromium-browser 24.0.1312.68-1
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 ...)
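Review bot: for CVE-2012-5152 the "TODO: Might affect ffmpeg/libav" line is removed with nothing in its place, so the conclusion that the issue is specific to Chrome exists only in the commit log and not in the list. Suggest recording it in the entry, for example as a NOTE or a "- libav <not-affected> (...)" line. For CVE-2012-5150 the log says the issue "might affect libav", yet the entry now states "- libav <unfixed>" without qualification; a NOTE saying the libav status is unconfirmed would keep that uncertainty visible.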
@@ -20125,6 +20124,7 @@
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
- ruby-actionpack-2.3 2.3.14-3 (bug #668977)
- rails 2.3.14
+ [squeeze] - rails <not-affected> (Vulnerable code not present)
NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before ...)
{DSA-2443-1}
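Review bot: the reason on the added "[squeeze] - rails <not-affected>" line is terse given the surrounding context. The CVE description refers to Rails 3.0.x while the entry records the fix as "rails 2.3.14", so a reader cannot tell from the entry which code the squeeze package lacks. Suggest a short NOTE naming the missing code or the version where it was introduced.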