[Secure-testing-commits] r21709 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Mar 22 13:11:52 UTC 2013
Author: jmm
Date: 2013-03-22 13:11:51 +0000 (Fri, 22 Mar 2013)
New Revision: 21709
Removed:
data/ospu-candidates.txt
data/spu-candidates.txt
Modified:
data/CVE/list
Log:
NFUs
remove *candidate files, no longer needed with jmws tracker tool
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-22 11:50:05 UTC (rev 21708)
+++ data/CVE/list 2013-03-22 13:11:51 UTC (rev 21709)
@@ -27,14 +27,11 @@
CVE-2013-2618
RESERVED
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to ...)
- TODO: check
- NOTE: http://www.osvdb.org/91230
+ NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote ...)
- TODO: check
- NOTE: http://www.osvdb.org/91231
+ NOT-FOR-US: Ruby MiniMagick gem
CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows ...)
- TODO: check
- NOTE: http://www.osvdb.org/91232
+ NOT-FOR-US: Ruby fastreader gem
CVE-2013-2614
RESERVED
CVE-2013-2613
@@ -881,7 +878,7 @@
CVE-2013-2264
RESERVED
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
- TODO: check
+ NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262
RESERVED
CVE-2013-2261
@@ -1681,8 +1678,6 @@
CVE-2013-1868 [VLC Buffer overflows]
RESERVED
- vlc <unfixed>
- TODO: check
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/03/17/1
NOTE: http://www.videolan.org/security/sa1301.html
CVE-2013-1867
RESERVED
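Review bot: In the CVE-2013-1868 entry, the removed "NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/03/17/1" was the only pointer to the public CVE request, while the entry is still RESERVED and its vlc line still reads <unfixed>. This is not an NFU change, so the log message "NFUs" does not cover it. Consider keeping the oss-security link until the CVE has a published description, or state in the log why the TODO was considered resolved and the reference dropped.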
@@ -2059,7 +2054,7 @@
- twiki <removed>
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2013-1749
RESERVED
CVE-2013-1748
@@ -3827,15 +3822,15 @@
CVE-2013-0982
RESERVED
CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote ...)
NOT-FOR-US: Mac OS X
CVE-2013-0975
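Review bot: For CVE-2013-0977 the description names "Apple iOS before 6.1.3 and Apple TV before 5.2.1", but the new line reads only "NOT-FOR-US: Apple iOS". Suggest "NOT-FOR-US: Apple iOS, Apple TV" so the label matches the products named in the entry. The other four iOS entries in this hunk match their descriptions as labelled.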
Deleted: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2013-03-22 11:50:05 UTC (rev 21708)
+++ data/ospu-candidates.txt 2013-03-22 13:11:51 UTC (rev 21709)
@@ -1,6 +0,0 @@
-This file records minor security issues, which do not warrant a DSA,
-but which could be fixed in a stable point update if people feel like
-it. If someone wants to address these, please add a note about it
-and get in contact with debian-release at lists.debian.org
-
---
Deleted: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2013-03-22 11:50:05 UTC (rev 21708)
+++ data/spu-candidates.txt 2013-03-22 13:11:51 UTC (rev 21709)
@@ -1,573 +0,0 @@
-This file records minor security issues, which do not warrant a DSA,
-but which could be fixed in a stable point update if people feel like
-it. If someone wants to address these, please add a note about it
-and get in contact with debian-release at lists.debian.org
-
-abcm2ps (CVE-2010-3441, CVE-2010-4743, CVE-2010-4744)
-#577014
-awaiting maintainer response
-
---
-
-alpine (CVE-2008-5514)
-
---
-
-apt (CVE-2011-3634)
-http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
-https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
-
-
--
-
-as31 (CVE-2012-0808)
-#655496)
-
---
-
-ax25-tools (CVE-2011-2910)
-#638918
-waiting unstable
-
---
-
-backuppc (CVE-2011-4923, CVE-2011-3361, CVE-2011-5081)
-641450 646865 661011
-
---
-
-bitlbee (CVE-2012-1187)
-http://bugs.bitlbee.org/bitlbee/ticket/852
-http://bugs.bitlbee.org/bitlbee/changeset/devel%2C856#file3
-
---
-
-bugzilla (CVE-2012-0440, CVE-2012-0448, CVE-2012-0453, CVE-2012-0465, CVE-2012-0466)
-https://bugzilla.mozilla.org/show_bug.cgi?id=728639
-https://bugzilla.mozilla.org/show_bug.cgi?id=745397
-https://bugzilla.mozilla.org/show_bug.cgi?id=714472
-https://bugzilla.mozilla.org/show_bug.cgi?id=718319
-https://bugzilla.mozilla.org/show_bug.cgi?id=725663
-
---
-
-cedet (CVE-2012-0035)
-#655299
-
---
-
-cherokee (CVE-2011-2191)
-#661993
-tracking
-
---
-
-cifs-utils (CVE-2012-1586)
-#665923
-tracking
-
---
-
-csound (CVE-2012-0270, CVE-2012-2108, CVE-2012-2107, CVE-2012-2106)
-http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commit;h=61d1df45ca9a52bab62892a3c3a13c41e6384505 (CVE-2012-2108)
-http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2
-http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=blobdiff;f=util/pv_import.c;h=4766dbff22510675a444dd242d432292893949c9;hp=811fccf0a04ec39964710fae509b601fdc330852;hb=7d617a9551fb6c552ba16874b71266fcd90f3a6f;hpb=5fbf93d9f6dc21b9e4e085b26b724ba73c2f1c01
-http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch3
-http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
-
---
-
-ecryptfs-utils (CVE-2011-1833)
-
---
-
-elixir (CVE-2012-2146)
-#670919
-tracking
-
---
-
-emacs23 (CVE-2012-0035)
-#655300
-tracking
-
---
-
-empathy (CVE-2011-3635)
-http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36
-https://bugzilla.gnome.org/show_bug.cgi?id=662035
-
-
---
-
-CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...)
-http://seclists.org/oss-sec/2011/q1/368
-http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
-
-
---
-
-fabric (CVE-2011-2185)
-#629003
-tracking
-
---
-
-fail2ban [fail2ban: Insecure creating/writing to tmpfile]
-#544232
-awaiting maintainer response
-
---
-
-feedparser
-CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
-CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
-CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
-CVE-2009-5065 [XSS vuln]
-#617998
-awaiting maintainer response
-
---
-
-feh (CVE-2011-0702, CVE-2011-1031)
-#612035
-https://derf.homelinux.org/git/feh/commit/?id=23421a86cc826dd30f3dc4f62057fafb04b3ac40
-https://derf.homelinux.org/git/feh/commit/?id=29ab0855f044ef2fe9c295b72abefcb37f0861a5
-tracking
-
---
-
-flightgear (CVE-2012-2090, CVE-2012-2091)
-#669024
-tracking
-
---
-
-fuse (CVE-2010-3879
-#602333
-tracking
-
---
-
-foo2zjs (CVE-2011-2684)
-maintainer notified in initial bug report
-
---
-
-gallery2 (CVE-2012-1113)
-
-
---
-
-gdk-pixbuf (CVE-2011-2485)
-#631524
-tracking
-
---
-
-gif2png (CVE-2010-4694, CVE-2010-4695)
-#610479
-
---
-
-gimp (CVE-2012-2763)
-http://www.openwall.com/lists/oss-security/2012/05/31/1
-http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
-
---
-
-hammerhead (CVE-2011-3204)
-#639890
-waiting unstable requested removal
-
---
-
-icecast2 (CVE-2011-4612)
-notified in initial bugreport
-
---
-
-icinga (CVE-2011-1523, CVE-2011-2477)
-http://tracker.nagios.org/view.php?id=207
-https://dev.icinga.org/issues/1605
-
---
-
-isc-dhcp (CVE-2011-4539)
-#652259
-tracking
-
---
-
-jetty (CVE-2011-4461)
-Fixed in 6.1.26
-
---
-
-kdeutils (CVE-2011-2725)
-#635541
-maintainers notified in bug log
-
---
-
-krb5 (CVE-2011-4151)
-#646367
-tracking
-
-krb5 (CVE-2012-1013)
-https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b
-http://krbdev.mit.edu/rt/Ticket/Display.html?id=7152
-
---
-
-libcommons-compress-java (CVE-2012-2098)
-https://commons.apache.org/compress/security.html
-
---
-
-libgssglue (CVE-2011-2709)
-patch in bug #670256
-tracking
-
---
-
-libsoup2.4 (CVE-2012-2132)
-#672880
-https://bugzilla.gnome.org/show_bug.cgi?id=666280
-tracking
-
---
-
-libvirt (CVE-2011-4600)
-http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ae1232b298323dd7bef909426e2ebafa6bca9157
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4600
-
-
---
-
-libxslt (CVE-2011-3970)
-#660650
-http://git.gnome.org/browse/libxslt/commit/?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
-tracking
-
---
-
-mathopd (CVE-2012-1050)
-#660627
-tracking
-
---
-
-moodle (CVE-2012-1155)
-#668411
-http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-25185
-suggested spu in bug report
-tracking
-
---
-
-mpack (CVE-2011-4919)
-#655971
-tracking
-
---
-
-namazu2 (CVE-2011-4345)
-
---
-
-ncpfs (CVE-2011-1679, CVE-2011-1680)
-
---
-
-net (CVE-2011-4091, CVE-2011-4093)
-#647318, #647317
-tracking
-
---
-
-network-manager (CVE-2011-2176)
-#631520
-http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
-http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
-http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
-tracking
-
---
-
-offlineimap (CVE-2010-4532, CVE-2010-4533)
-#606962, #603450
-
---
-
-open-vm-tools (CVE-2011-1681, CVE-2011-1787, CVE-2011-2145, CVE-2011-2146)
-#623968, #631507, #631508, #631506
-tracking
-
---
-
-openldap (CVE-2012-1164)
-#663644
-tracking
-
---
-
-openssh (CVE-2011-5000)
-http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/gss-serv.c.diff?r1=1.22;r2=1.23
-
---
-
-openvas-scanner (CVE-2011-3351)
-#641327
-maintainer notified through bugreport
-tracking
-
---
-
-otrs2 (CVE-2011-2746)
-http://otrs.org/advisory/OSA-2011-03-en/
-
---
-
-pam (CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707, CVE-2010-4708
-#608273
-#599832
-#611136
-
---
-
-pam-shield (CVE-2012-2350)
-#658830
-tracking
-
---
-
-pastescript (CVE-2012-0878)
-#661061
-https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
-tracking
-
-
---
-
-perl (CVE-2011-2728)
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2728
-http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
-
---
-
-php-suhosin (CVE-2012-0807)
-#657190
-tracking
-
---
-
-pidgin (CVE-2012-1178)
-#664030
-tracking
-
---
-
-polipo (CVE-2011-3596)
-#644289
-tracking
-
---
-
-prosody (CVE-2011-2205)
-#579087
-Also requires additional fix in lua-expat
-
---
-
-putty (CVE-2011-4607)
-Fixed in 0.62-1
-
---
-
-prosody (CVE-2011-2531, CVE-2011-2532)
-Fixed in 0.8.1-1
-
---
-
-pyfribidi (CVE-2012-1176)
-#663189
-tracking
-
---
-
-python2.5 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's list_directory()])
-http://www.openwall.com/lists/oss-security/2012/03/14/11
-
-CVE-2012-1150
-
---
-
-python2.6 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's list_directory()])
-#664135
-http://www.openwall.com/lists/oss-security/2012/03/14/11
-
-CVE-2011-4944
-#650555
-http://bugs.python.org/file23824/pypirc-secure.diff
-
-CVE-2012-1150
-
---
-
-python3.1
-
-CVE-2012-1150
-
---
-
-pyro (CVE-2011-2765)
-#631912
-awaiting maintainer response
-
---
-
-rampart (CVE-2011-2329)
-#631221
-tracking
-
---
-
-rdesktop (CVE-2011-1595)
-#623552
-https://bugzilla.redhat.com/attachment.cgi?id=492845&action=diff&context=patch&collapsed=&headers=1&format=raw
-tracking
-
---
-
-rocksndiamonds (CVE-2011-4606)
-#651620
-tracking
-
---
-
-rsyslog (CVE-2011-1488, CVE-2011-1489, CVE-2011-1490)
-http://marc.info/?l=oss-security&m=130194141413125&w=2
-CVE-2011-3200
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3200
-
-CVE-2011-4623
-http://git.adiscon.com/?p=rsyslog.git;a=commit;h=6bad782f154b7f838c7371bf99c13f6dc4ec4101
-
---
-
-ruby1.8 (CVE-2011-1004, CVE-2011-1005)
-#615517, #615518
-awaiting maintainer response
-
-CVE-2011-3624
-
---
-
-ruby1.9 (CVE-2011-10045B)
-#615519
-awaiting maintainer response
-
-CVE-2011-3624
-
---
-
-system-config-printer (CVE-2011-2899)
-#639243
-tracking
-
---
-
-taglib (CVE-2012-1107, CVE-2012-1108)
-#662705
-tracking
-
---
-
-texlive-extra (CVE-2012-2120)
-#668779
-tracking
-
---
-
-torcs (CVE-2012-1189)
-#660555
-tracking
-
---
-
-tsclient (CVE-2011-0900, CVE-2011-0901)
-#613204
-tracking
-
---
-
-tucan (CVE-2012-0063)
-#656388
-tracking
-
---
-
-unixodbc (CVE-2011-1145)
-#617655
-tracking
-
---
-
-uzbl (CVE-2012-0843)
-#659379
-tracking
-
---
-
-vte (CVE-2012-2738)
-#677717
-tracking
-
---
-
-xinetd (CVE-2012-0862)
-https://bugzilla.redhat.com/show_bug.cgi?id=790940
-
-
---
-
-zendframework (CVE-2011-1939)
-http://framework.zend.com/security/advisory/ZF2011-02
-
---
-
-x11-apps (CVE-2011-2504)
-http://cgit.freedesktop.org/xorg/app/x11perf/commit/?id=fefc834c419085b2db3b2d7d57bdbfe240d1b75c
-
---
-
-xorg (CVE-2012-1093)
-#661627
-tracking
-
---
-
-nss (CVE-2011-XXXX)
-https://bugzilla.mozilla.org/show_bug.cgi?id=641052
-
---
-
-zorp (CVE-2009-3555)
-
---
-
-mathopd (CVE-2012-1050)
-
---
-
-systemtap (CVE-2012-0875)
-
---
-
-backuppc (CVE-2011-5081)
-
---
-
-clamav (CVE-2012-1459, CVE-2012-1458, CVE-2012-1457, CVE-2012-1443, CVE-2012-1419)
-