[Secure-testing-commits] r22206 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed May 8 22:52:10 UTC 2013


Author: jmm
Date: 2013-05-08 22:52:10 +0000 (Wed, 08 May 2013)
New Revision: 22206

Modified:
   data/CVE/list
Log:
no-dsa: libapache2-mod-ruid2, mantis, openvpn
one more openjdk issue fixed
yum unimportant
record texlive fix in experimental, will be uploaded to sid now that the freeze is over


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-08 21:14:36 UTC (rev 22205)
+++ data/CVE/list	2013-05-08 22:52:10 UTC (rev 22206)
@@ -3169,7 +3169,10 @@
 	RESERVED
 CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt]
 	RESERVED
+	TODO: File bug
 	- openvpn <unfixed> (low)
+	[squeeze] - openvpn <no-dsa> (Minor issue)
+	[wheezy] - openvpn <no-dsa> (Minor issue)
 	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
 CVE-2013-2060
 	RESERVED
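Review bot: The added "TODO: File bug" under CVE-2013-2061 sits between RESERVED and the "- openvpn <unfixed> (low)" line, while the CVE-2013-1934 hunk in this same commit puts its TODO after the release annotations. Suggest moving it below the [wheezy] line so the package status lines stay contiguous and both entries read the same way.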
@@ -3549,7 +3552,10 @@
 	RESERVED
 CVE-2013-1934 [mantis: XSS issue on Configuration Report page when displaying complex value]
 	RESERVED
-	- mantis <unfixed>
+	- mantis <unfixed> (low)
+	[wheezy] - mantis <no-dsa> (Minor issue)
+	[squeeze] - mantis <no-dsa> (Minor issue)
+	TODO: File bug
 	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=15416
 CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
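Review bot: The release annotations added under CVE-2013-1934 are ordered [wheezy] then [squeeze], but the openvpn entry for CVE-2013-2061 in this commit uses [squeeze] then [wheezy]. Pick one order for the lines added here so the entries diff cleanly when they are touched again.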
@@ -3634,9 +3640,9 @@
 	NOT-FOR-US: ldoce ruby gem
 CVE-2013-1910 [Not removing bad metadata and using it in next run]
 	RESERVED
-	- yum <unfixed>
+	- yum <unfixed> (unimportant)
 	NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
-	TODO: check if this is relevant for Debian
+	NOTE: Only used for bootstraps of chroots, see README.Debian
 CVE-2013-1909
 	RESERVED
 CVE-2013-1908
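Review bot: The new NOTE under CVE-2013-1910 says "see README.Debian" without naming the package the file belongs to. Since this NOTE is the only recorded justification for the (unimportant) rating, suggest stating which package's README.Debian is meant (presumably yum's), so the reasoning can be checked from the entry alone.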
@@ -3698,7 +3704,8 @@
 	- owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1889
 	RESERVED
-	- libapache2-mod-ruid2 0.9.8-1 (bug #704066)
+	- libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
+	[wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
 	NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
 CVE-2013-1888 [Insecure temporary directory handling /tmp/pip-build]
 	RESERVED
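Review bot: CVE-2013-1889 gains a [wheezy] <no-dsa> line but nothing for squeeze, whereas the other no-dsa entries in this commit annotate both releases. If squeeze is deliberately left out, a short NOTE saying why would stop the next reader from treating it as an omission; otherwise add the [squeeze] line.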
@@ -3968,6 +3975,7 @@
 CVE-2013-1811 [Reporter can change issue status to 'new']
 	RESERVED
 	- mantis <unfixed> (low; bug #698481)
+	[wheezy] - mantis <no-dsa> (Minor issue)
 	[squeeze] - mantis <no-dsa> (Minor issue)
 CVE-2013-1810 [summary.php category/project names XSS vulnerability]
 	RESERVED
@@ -4590,9 +4598,8 @@
 CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: not listed in icedtea release announcement, check
+	- openjdk-7 7u21-2.3.9-1
+	- openjdk-6 6b27-1.12.5-1
 CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
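Review bot: For CVE-2013-1558 the removed TODO recorded that the issue was "not listed in icedtea release announcement, check", and the replacement lines give fixed versions with no trace of how that check was resolved. Suggest adding a NOTE with the source that confirms 7u21-2.3.9-1 and 6b27-1.12.5-1 contain the fix.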
@@ -6039,7 +6046,7 @@
 CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager ...)
 	NOT-FOR-US: EMC AlphaStor
 CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c ...)
-	TODO: check
+	NOT-FOR-US: Chrome OS
 CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
 	- chromium-browser 26.0.1410.43-1
 CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
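Review bot: The CVE-2013-0927 description names Pango's pango-utils.c, yet the entry is closed as "NOT-FOR-US: Chrome OS" with no word on the library side. Suggest a NOTE recording whether the Pango code was looked at, so the NOT-FOR-US is not read as covering it by default.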
@@ -19803,7 +19810,7 @@
 CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
 	- linux-2.6 3.2.17-1
 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
-	- texlive-extra <unfixed> (low; bug #668779)
+	- texlive-extra 2012.20130315-1 (low; bug #668779)
 	[wheezy] - texlive-extra <no-dsa> (Minor issue)
 	[squeeze] - texlive-extra <no-dsa> (Minor issue)
 CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
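Review bot: The texlive-extra line for CVE-2012-2120 now carries 2012.20130315-1 with no marker that, per the commit log, this version is in experimental and not yet in sid. Suggest a NOTE saying so until the upload happens, so the entry is not read as already fixed in unstable.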



