[Secure-testing-commits] r22140 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri May 3 07:11:54 UTC 2013


Author: jmm
Date: 2013-05-03 07:11:53 +0000 (Fri, 03 May 2013)
New Revision: 22140

Modified:
   data/CVE/list
Log:
another two java issues not-affected
activemq not-affected
rails issue unimportant
telepathy-idle: no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-03 06:22:13 UTC (rev 22139)
+++ data/CVE/list	2013-05-03 07:11:53 UTC (rev 22140)
@@ -230,11 +230,11 @@
 	- linux-2.6 <removed> (low)
 	- linux <unfixed> (low)
 CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
-	- ruby-activerecord-3.2 <unfixed>
-	- ruby-activerecord-2.3 <unfixed>
-	- rails 2.3.14.1
+	- ruby-activerecord-3.2 <unfixed> (unimportant)
+	- ruby-activerecord-2.3 <unfixed> (unimportant)
+	- rails 2.3.14.1 (unimportant)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-	TODO: check
+	NOTE: This is a general design problem and only mitigated by documented best practices
 CVE-2013-3220
 	RESERVED
 CVE-2013-3219
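Review bot: The new NOTE under CVE-2013-3221 says the problem is "only mitigated by documented best practices" but does not point to that documentation, so a later reader cannot check the basis for the (unimportant) tag. Consider adding a NOTE with the upstream reference. The tag is also attached to "rails 2.3.14.1", which the existing NOTE describes as a transition package; please confirm that a versioned entry with a severity is intended on that line.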
@@ -563,8 +563,7 @@
 CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H ...)
 	TODO: check
 CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...)
-	- activemq <unfixed>
-	TODO: check
+	- activemq <not-affected> (Web console not provided in Debian package, see #702670)
 CVE-2013-3059
 	RESERVED
 	- joomla <itp> (bug #571794)
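Review bot: On the new activemq line the reference is written "see #702670", while other entries visible in this diff use the "bug #NNNNNN" form, for example "(bug #571794)" on the joomla line below. Writing it as "see bug #702670" would keep bug references in one searchable form.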
@@ -2861,6 +2860,7 @@
 	RESERVED
 CVE-2013-2025
 	RESERVED
+	NOT-FOR-US: Ushahidi
 CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
 	RESERVED
 	- chicken <unfixed> (bug #706525)
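Review bot: CVE-2013-2025 is marked "NOT-FOR-US: Ushahidi" while it is still RESERVED and has no bracketed description, so the file gives no way to verify the product attribution. A short bracketed summary, as on CVE-2013-2024 directly below, would record what the issue is.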
@@ -4015,6 +4015,7 @@
 	- bouncycastle <unfixed> (low; bug #699885)
 	[squeeze] - bouncycastle <no-dsa> (Minor issue)
 	[wheezy] - bouncycastle <no-dsa> (Minor issue)
+	NOTE: Fixed in experimental in 1.48+dfsg-1
 CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
 	- mysql-5.1 <unfixed>
 	- mysql-5.5 <unfixed> (bug #699886)
@@ -4217,9 +4218,8 @@
 CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
 	NOT-FOR-US: Oracle Finacial Services
 CVE-2013-1540 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
-	TODO: check
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
 	NOT-FOR-US: Oracle Financial Services
 CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle ...)
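Review bot: The context line under CVE-2013-1541 reads "NOT-FOR-US: Oracle Finacial Services", which differs from "Oracle Financial Services" on CVE-2013-1539 a few lines later. Since this commit already touches the neighbouring CVE-2013-1540 entry, the spelling could be corrected at the same time so both entries match when searched.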
@@ -7226,8 +7226,8 @@
 CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
 	NOT-FOR-US: Solaris
 CVE-2013-0402 (Heap-based buffer overflow in the Java Runtime Environment (JRE) ...)
-	- openjdk-7 <undetermined>
-	NOTE: No details currently known
+	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
+	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2013-0401 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
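Review bot: For CVE-2013-0402 the "No details currently known" NOTE is deleted rather than replaced, so the entry no longer records where the attribution to JavaFX came from; the truncated description visible here only mentions the JRE. A NOTE citing the source for "JavaFX not part of OpenJDK" would make the not-affected decision checkable. The hunk also adds an openjdk-6 line that was not tracked before, which is worth stating in the log.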
@@ -24715,7 +24715,9 @@
 	RESERVED
 CVE-2007-6746 [telepathy-idle does not check SSL certificates]
 	RESERVED
-	- telepathy-idle 0.1.15-1 (bug #706094)
+	- telepathy-idle 0.1.15-1 (low; bug #706094)
+	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
+	[squeeze] - telepathy-idle <no-dsa> (Minor issue)
 CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS]
 	RESERVED
 	- clamav 0.91.2-1~volatile1
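Review bot: The no-dsa reason on the new [wheezy] and [squeeze] lines for CVE-2007-6746 is only "Minor issue", although the bracketed description says telepathy-idle does not check SSL certificates. A sentence explaining why missing certificate validation is considered minor for this package would make the decision reviewable. The new lines also list [wheezy] before [squeeze], while the bouncycastle entry earlier in this diff lists [squeeze] first.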



