[Secure-testing-commits] r22312 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 21 06:41:36 UTC 2013 

Author: jmm
Date: 2013-05-21 06:41:36 +0000 (Tue, 21 May 2013)
New Revision: 22312

Modified:
   data/CVE/list
Log:
python ssl issue also affects multiple other packages (python-urllib3 and bzr fixed, all no-dsa)
qemu fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-20 21:14:49 UTC (rev 22311)
+++ data/CVE/list	2013-05-21 06:41:36 UTC (rev 22312)
@@ -3215,7 +3215,24 @@
 	NOT-FOR-US: Gentoo Portage binary package installer
 CVE-2013-2099 [ssl.match_hostname denial of service]
 	RESERVED
-	- python3-defaults (low; bug #708530)
+	- python2.7 <unfixed> (low; bug #709066)
+	[wheezy] - python2.7 <no-dsa> (Minor issue)
+	- linkchecker <unfixed> (low; bug #709067)
+	[squeeze] - linkchecker <no-dsa> (Minor issue)
+	[wheezy] - linkchecker <no-dsa> (Minor issue)
+	- python3.2 <unfixed> (low; bug #708530)
+	- python3.3 <unfixed> (low; bug #708530)
+	- bzr 2.6.0~bzr6574-1 (low; bug #709068)
+	[squeeze] - bzr <no-dsa> (Minor issue)
+	[wheezy] - bzr <no-dsa> (Minor issue)
+	- python-urllib3 1.6-2 (low; bug #709070)
+	[wheezy] - python-urllib3 <no-dsa> (Minor issue)
+	- python-tornado <unfixed> (low; bug #709069)
+	[squeeze] - python-tornado <no-dsa> (Minor issue)
+	[wheezy] - python-tornado <no-dsa> (Minor issue)
+	- w3af 2.6.0~bzr6574-1 (low; bug #709068)
+	[squeeze] - w3af <no-dsa> (Minor issue)
+	[wheezy] - w3af <no-dsa> (Minor issue)
 CVE-2013-2098
 	RESERVED
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/16/5
@@ -3769,7 +3786,7 @@
 	[wheezy] - nfs-utils <no-dsa> (Minor issue)
 CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...)
 	- xen <not-affected> (qemu-nbd-xen built, but not installed into the binary packages)
-	- qemu <unfixed> (low; bug #705544)
+	- qemu 1.5.0+dfsg-1 (low; bug #705544)
 	[squeeze] - qemu <no-dsa> (Minor issue)
 	[wheezy] - qemu <no-dsa> (Minor issue)
 	- xen-qemu-dm-4.0 <not-affected> (qemu-nbd not installed by the binary package)

More information about the Secure-testing-commits mailing list