[Secure-testing-commits] r22388 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue May 28 20:39:47 UTC 2013
Author: jmm
Date: 2013-05-28 20:39:46 +0000 (Tue, 28 May 2013)
New Revision: 22388
Modified:
data/CVE/list
Log:
autotrace, xen, ekiga, qpid-cpp no-dsa
imagemagick and one wireshark issue unimportant
drop rrdtool, plain bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-05-28 19:55:13 UTC (rev 22387)
+++ data/CVE/list 2013-05-28 20:39:46 UTC (rev 22388)
@@ -232,9 +232,10 @@
NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
CVE-2013-3560 [wireshark: MPEG DSM-CC dissector crash]
RESERVED
- - wireshark 1.8.7-1 (bug #709167)
+ - wireshark 1.8.7-1 (unimportant; bug #709167)
[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html
+ NOTE: Not suitable for code injection
CVE-2013-3559 [wireshark: DCP ETSI dissector crash]
RESERVED
- wireshark 1.8.7-1 (bug #709167)
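Review bot: the downgrade of CVE-2013-3560 to unimportant is backed by the new NOTE ("Not suitable for code injection"), but the neighbouring CVE-2013-3559 entry, which tracks the same bug #709167 in the same wireshark 1.8.7-1 upload, is left without any severity; if the same reasoning applies to the DCP ETSI crash, rate it the same way, and if it does not, a NOTE saying why would save the next reader from re-deriving the distinction.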
@@ -267,8 +268,6 @@
CVE-2013-3551
RESERVED
- otrs2 3.2.7-1
-CVE-2013-XXXX [rrdtool: format string vulnerability]
- - rrdtool <unfixed> (bug #708866)
CVE-2013-3550
RESERVED
CVE-2013-3549
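Review bot: deleting the rrdtool CVE-2013-XXXX entry outright loses the record of why it was judged not a security issue; the only rationale is "plain bug" in the commit log, which nobody reading the list will see. The file already uses NOTE lines for exactly this kind of justification, so consider keeping the entry with its bug #708866 reference and a NOTE such as "Not a security issue, plain bug" instead of dropping it.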
@@ -1947,7 +1946,7 @@
CVE-2013-2764
RESERVED
CVE-2013-XXXX [imagemagick: null pointer dereference]
- - imagemagick <unfixed> (low; bug #704901)
+ - imagemagick <unfixed> (unimportant; bug #704901)
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...)
NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...)
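Review bot: the imagemagick null pointer dereference drops from low to unimportant with no NOTE explaining the reasoning, unlike the wireshark change in this same commit, which records "Not suitable for code injection" next to the downgrade. Add a NOTE line under the package line (for instance that the NULL dereference only crashes the process) so the rating can be audited later without reopening bug #704901.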
@@ -3643,6 +3642,8 @@
CVE-2013-2072
RESERVED
- xen <unfixed> (low)
+ [squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
+ [wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 [Information disclosure]
RESERVED
- tomcat7 7.0.40-1 (bug #707704)
@@ -3854,6 +3855,7 @@
CVE-2013-2014 [no limitation for requests and headers size which can cause a crash]
RESERVED
- keystone <unfixed> (bug #708515)
+ [wheezy] - keystone <no-dsa> (Minor issue)
NOTE: fixed in 2013.1-1 for experimental
CVE-2013-2013 [OpenStack keystone password disclosure on command line]
RESERVED
@@ -4071,6 +4073,8 @@
CVE-2013-1953 [stack-based buffer overflow in bmp parser]
RESERVED
- autotrace <unfixed> (low)
+ [wheezy] - autotrace <no-dsa> (Minor issue)
+ [squeeze] - autotrace <no-dsa> (Minor issue)
- gimp 2.6.10-1
NOTE: Gimp was fixed earlier, but only Squeeze version was checked
NOTE: In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8
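Review bot: the two new autotrace no-dsa lines list wheezy before squeeze, while the xen hunk in this same commit lists squeeze first; pick one ordering for the per-release lines so the file stays greppable. The autotrace line also carries only "(low)" with no bug reference, so the no-dsa decision has nothing to point at; if a Debian bug exists for the bmp parser overflow, record it the way the ekiga and keystone entries do.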
@@ -4364,7 +4368,9 @@
CVE-2013-1864 [Ekiga billion laughs flaw in ptlib]
RESERVED
NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
- - ekiga <unfixed> (bug #704133)
+ - ekiga <unfixed> (low; bug #704133)
+ [wheezy] - ekiga <no-dsa> (Minor issue)
+ [squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...)
- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
@@ -14416,11 +14422,14 @@
- linux-2.6 <removed>
- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
- - qpid-cpp <unfixed>
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
- - qpid-cpp <unfixed>
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
- - qpid-cpp <unfixed>
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
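Review bot: the three qpid-cpp entries gain a low rating and a wheezy no-dsa line but nothing for squeeze, whereas the xen and autotrace hunks in this commit spell out both releases. If qpid-cpp is simply absent from squeeze that is fine, but if it is present, a [squeeze] line (no-dsa or not-affected) would make the decision explicit; the same applies to the CVE-2012-4446 hunk further down.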
@@ -14457,7 +14466,8 @@
- tiff3 3.9.6-9 (bug #688944)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
- - qpid-cpp <unfixed>
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
{DSA-2557-1}
- hostapd <removed>