[Secure-testing-commits] r24404 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Nov 22 14:08:28 UTC 2013
Author: jmm
Date: 2013-11-22 14:08:27 +0000 (Fri, 22 Nov 2013)
New Revision: 24404
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
mahara no-dsa or unimportant
ingo1 not-affected
dsa needed for libcommons-fileupload-java
gdm unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-22 13:19:39 UTC (rev 24403)
+++ data/CVE/list 2013-11-22 14:08:27 UTC (rev 24404)
@@ -1211,7 +1211,7 @@
CVE-2013-6275 [CSRF]
RESERVED
- php-horde-ingo 3.1.3-1 (bug #727669)
- - ingo1 <undetermined>
+ - ingo1 <not-affected> (Affected code not present)
CVE-2013-6242
RESERVED
CVE-2013-6241
@@ -5497,26 +5497,30 @@
- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 [a group member with no access rights to folder can still view it]
RESERVED
- - mahara <unfixed> (bug #727539)
+ - mahara <unfixed> (low; bug #727539)
+ [squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
CVE-2013-4431 [Not checking ownership of blocks before editing them]
RESERVED
- - mahara <unfixed> (bug #727552)
+ - mahara <unfixed> (low; bug #727552)
+ [squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
CVE-2013-4430
RESERVED
- - mahara <unfixed> (bug #727548)
+ - mahara <unfixed> (unimportant; bug #727548)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
+ NOTE: Only exploitable during installation
CVE-2013-4429 [Arbitrary image download]
RESERVED
- - mahara <unfixed> (bug #727545)
+ - mahara <unfixed> (low; bug #727545)
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
NOTE: https://bugs.launchpad.net/mahara/+bug/1211758
+ [squeeze] - mahara <no-dsa> (Minor issue)
CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly ...)
- glance <unfixed> (bug #726478)
[wheezy] - glance <not-affected> (does not have the download_image)
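Review bot: In the CVE-2013-4429 entry the added `[squeeze] - mahara <no-dsa> (Minor issue)` line sits after the three NOTE lines, while the same line for CVE-2013-4432 and CVE-2013-4431 in this hunk sits directly under the `- mahara <unfixed>` line. Moving it up under the package line would keep the three entries consistent and keep the per-release status next to the package status it qualifies.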
@@ -6387,8 +6391,9 @@
CVE-2013-4170
RESERVED
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
- - gdm <removed>
+ - gdm <removed> (unimportant)
- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
+ NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
CVE-2013-4168 [start and end time fields not filtered]
RESERVED
- smokeping 2.6.8-2
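Review bot: The NOTE added under CVE-2013-4169 records that /tmp/.X11-unix is created by /etc/init.d/x11-common in Debian, but it does not say why that supports the `(unimportant)` tag added to `- gdm <removed>`. Extending the NOTE with a clause that ties the init script to the tag would let a later reader follow the triage decision from the entry alone.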
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-11-22 13:19:39 UTC (rev 24403)
+++ data/dsa-needed.txt 2013-11-22 14:08:27 UTC (rev 24404)
@@ -36,6 +36,8 @@
--
ffmpeg/oldstable (geissert)
--
+libcommons-fileupload-java
+--
libtar (luciano)
--
libv8
@@ -74,6 +76,8 @@
--
ruby1.9.1
--
+spice/stable
+--
srtp (nion)
--
sup-mail
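Review bot: The `spice/stable` entry added to data/dsa-needed.txt here is not covered by the log message, which lists only mahara, ingo1, libcommons-fileupload-java and gdm. Adding a line for spice to the log, or committing it separately, would keep the revision history usable for finding when the spice DSA request was filed.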