[Secure-testing-commits] r24388 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Nov 21 13:53:25 UTC 2013
Author: jmm
Date: 2013-11-21 13:53:25 +0000 (Thu, 21 Nov 2013)
New Revision: 24388
Modified:
data/CVE/list
Log:
bip no-dsa
new yui issue
fix pointless CVE split for krb5
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-21 10:15:21 UTC (rev 24387)
+++ data/CVE/list 2013-11-21 13:53:25 UTC (rev 24388)
@@ -14,18 +14,13 @@
CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote ...)
NOT-FOR-US: Microsoft
CVE-2013-6800 (An unspecified third-party database module for the Key Distribution ...)
- - krb5 <unfixed> (low)
- [squeeze] - krb5 <no-dsa> (Minor issue)
- [wheezy] - krb5 <no-dsa> (Minor issue)
- NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
- NOTE: https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
- NOTE: Same commit as for the fix for CVE-2013-1418
+ NOTE: Pointless split from CVE-2013-1418
CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service ...)
NOT-FOR-US: Apple Mac OS X
CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2013-6796
RESERVED
CVE-2013-6795
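Review bot: After this hunk CVE-2013-6800 carries only `NOTE: Pointless split from CVE-2013-1418` and no package line, so the krb5 status and both upstream references (the krbdev ticket and the krb5 commit) are no longer recorded under this id. CVE-2013-1418 is not touched in this diff, so please confirm that its entry holds the `krb5 <unfixed>` line, the squeeze and wheezy `<no-dsa>` lines and the commit link before they are dropped here. Keeping the commit NOTE next to the new one would cost one line and leave the entry traceable on its own.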
@@ -59,7 +54,8 @@
CVE-2013-6781
RESERVED
CVE-2013-6780 (Cross-site scripting (XSS) vulnerability in uploader.swf in the ...)
- TODO: check
+ - yui <unfixed>
+ - yui3 <not-affected>
CVE-2013-6779
RESERVED
CVE-2013-6778
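Review bot: `- yui3 <not-affected>` on CVE-2013-6780 gives no reason, while the `<not-affected>` lines elsewhere in this file carry one in parentheses, for example `(Only affects 4.2.x and later)`. The description names uploader.swf, so a short parenthetical saying why yui3 is out of scope (for instance, whether it ships that file at all) would let the next person verify the call. `- yui <unfixed>` also has no severity or bug reference; if a bug has been filed for the "new yui issue" in the log, add it here.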
@@ -359,7 +355,7 @@
CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
- salt 0.17.1+dfsg-1
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: SpellChecker module in Xinha
CVE-2013-6766
RESERVED
NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago)
@@ -942,7 +938,7 @@
CVE-2013-6358
RESERVED
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
RESERVED
CVE-2013-6355
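Review bot: `NOT-FOR-US: Disputed non-issue in Tomcat` on CVE-2013-6357 uses the NFU marker for a different reason than every other NFU line in this commit, which name a product that is out of scope (Microsoft, BlackBerry Link, Zikula, mod_pagespeed). Tomcat is packaged in Debian, and the justification given is that the report is disputed, not that the software is absent. Recording it against the tomcat source packages as a non-issue, with a NOTE explaining the dispute, would keep the id findable from the package's tracker page and would not read as "Tomcat is not in Debian".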
@@ -1122,9 +1118,9 @@
NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2013-6279
RESERVED
CVE-2013-6278
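Review bot: Both new lines here read `NOT-FOR-US: Wordpress plugin` without saying which plugin, unlike the other NFU lines in this commit that name the product. For CVE-2013-6280 the description already gives it (Social Sharing Toolkit), and the truncated CVE-2013-6281 description only shows codebase/spreadsheet.php. Naming the plugin in each line makes it possible to search the list later if one of them is ever packaged.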
@@ -1368,7 +1364,7 @@
{DSA-2775-1}
- ejabberd 2.1.11-1 (bug #722105)
CVE-2013-6168 (Cross-site scripting (XSS) vulnerability in Zikula Application ...)
- TODO: check
+ NOT-FOR-US: Zikula
CVE-2013-6165
RESERVED
CVE-2013-6164 (SQL injection vulnerability in view/objectDetail.php in Project'Or RIA ...)
@@ -1477,7 +1473,7 @@
CVE-2013-6112
RESERVED
CVE-2013-6111 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
- TODO: check
+ NOT-FOR-US: mod_pagespeed
CVE-2013-6110
RESERVED
CVE-2013-6109
@@ -1642,7 +1638,7 @@
CVE-2013-6043
RESERVED
CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in ...)
- TODO: check
+ NOT-FOR-US: Softaculous Webuzo
CVE-2013-6041
RESERVED
CVE-2013-6040
@@ -5124,10 +5120,9 @@
[squeeze] - xen <not-affected> (Only affects 4.2.x and later)
CVE-2013-4550 [denial of service via resource leak]
RESERVED
- - xen <unfixed>
- [wheezy] - xen <not-affected> (affects only Xen 4.2.x and later)
- [squeeze] - xen <not-affected> (affects only Xen 4.2.x and later)
- - bip 0.8.9-1
+ - bip 0.8.9-1 (low)
+ [wheezy] - bip <no-dsa> (Minor issue)
+ [squeeze] - bip <no-dsa> (Minor issue)
NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
NOTE: https://projects.duckcorp.org/issues/261
CVE-2013-4549
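Review bot: The three removed xen lines under CVE-2013-4550 are not mentioned in the log, which only says "bip no-dsa". The context line just above the entry shows the same `xen <not-affected> (Only affects 4.2.x and later)` wording under the preceding id, so this looks like cleanup of xen lines that ended up on the bip entry by mistake, but that is a status change for xen on this id and deserves a word in the log. The bip part is consistent with the other `<no-dsa> (Minor issue)` entries: fixed version with `(low)`, then one line per stable release.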