[Secure-testing-commits] r24426 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Nov 25 09:24:44 UTC 2013


Author: jmm
Date: 2013-11-25 09:24:44 +0000 (Mon, 25 Nov 2013)
New Revision: 24426

Modified:
   data/CVE/list
Log:
new jenkins issues
augeas no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-11-25 08:00:35 UTC (rev 24425)
+++ data/CVE/list	2013-11-25 09:24:44 UTC (rev 24426)
@@ -102,7 +102,9 @@
 CVE-2013-6808
 	RESERVED
 CVE-2012-6607 (The transform_save function in transform_save in Augeas before 1.0.0 ...)
-	- augeas <unfixed>
+	- augeas 1.0.0-1 (low)
+	[squeeze] - augeas <no-dsa> (Minor issue)
+	[wheezy] - augeas <no-dsa> (Minor issue)
 CVE-2013-6869 (SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC ...)
 	NOT-FOR-US: Sap NetWeaver
 CVE-2013-6868 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ...)
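Review bot: The new `- augeas 1.0.0-1 (low)` line for CVE-2012-6607 carries no bug number or NOTE pointing at the upstream fix, so the fixed version cannot be verified from the entry itself. Other entries in this file record that, for example `(bug #728605)` on nova or a `NOTE:` with a bugzilla URL on eglibc. Consider adding a NOTE with the upstream reference. The same NOTE would also back up the "Minor issue" rationale on the two `<no-dsa>` lines.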
@@ -1299,10 +1301,13 @@
 	RESERVED
 CVE-2013-6274
 	RESERVED
+	- jenkins <unfixed>
 CVE-2013-6273
 	RESERVED
+	- jenkins <unfixed>
 CVE-2013-6272
 	RESERVED
+	- jenkins <unfixed>
 CVE-2013-6271
 	RESERVED
 CVE-2013-6270
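Review bot: The three `- jenkins <unfixed>` lines are attached to CVE-2013-6274, CVE-2013-6273 and CVE-2013-6272 while those ids are still `RESERVED` with no description, and nothing in the entries says where the mapping to Jenkins comes from. Add a `NOTE:` under each with the advisory or announcement the assignment was taken from, so the entry can be checked once the CVE text is published.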
@@ -3902,7 +3907,7 @@
 CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
 	NOT-FOR-US: Apple iOS
 CVE-2013-5130 (WebKit in Apple Safari before 6.1 disables the Private Browsing ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2013-5129 (Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple ...)
 	NOT-FOR-US: Apple iOS
 CVE-2013-5128 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
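Review bot: The replacement line for CVE-2013-5130 puts a rationale into the product field: `NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix`. The neighbouring entries keep the field to a product name (`NOT-FOR-US: Apple iOS`), and the CVE description names "WebKit in Apple Safari". Keeping only the product name on the NOT-FOR-US line, with the description's spelling "WebKit", and moving the Chromium reasoning to a separate NOTE or the commit log would keep the field consistent and greppable.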
@@ -4861,9 +4866,9 @@
 CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
 	TODO: check
 CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before ...)
-	TODO: check
+	NOT-FOR-US: Tiki Wiki
 CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
-	TODO: check
+	NOT-FOR-US: Tiki Wiki
 CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
 	NOT-FOR-US: I-O DATA DEVICE RockDisk
 CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and ...)
@@ -5473,7 +5478,7 @@
 CVE-2013-4482 (Untrusted search path vulnerability in python-paste-script (aka ...)
 	TODO: check
 CVE-2013-4481 (Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with ...)
-	TODO: check
+	NOT-FOR-US: LuCi
 CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web interface ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2013-4479 [prevent remote command injection in content_type]
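Review bot: `NOT-FOR-US: LuCi` for CVE-2013-4481 does not match the product name in the CVE description, which reads "Luci 0.26.0" and refers to `/var/lib/luci/etc/luci.ini`. Using the description's spelling avoids confusion with similarly named projects and keeps case-sensitive searches of the list working.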
@@ -5519,7 +5524,6 @@
 CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
-	TODO: check
 CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when ...)
 	- nova <unfixed> (bug #728605)
 	NOTE: CVE for incomplete fix of CVE-2013-2096
@@ -5898,7 +5902,6 @@
 	RESERVED
 	- eglibc <unfixed>
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
-	TODO: check
 CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Only affects 4.3+)
@@ -7866,7 +7869,7 @@
 CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed ...)
 	NOT-FOR-US: McAfee
 CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
-	TODO: check
+	NOT-FOR-US: Attachmate Verastream Host Integrator 
 CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 ...)
 	NOT-FOR-US: Baramundi Management Suite
 CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
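Review bot: The added line `NOT-FOR-US: Attachmate Verastream Host Integrator ` for CVE-2013-3626 ends with a trailing space. Strip it so the line matches the other NOT-FOR-US entries and does not produce a spurious diff later.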
@@ -8660,9 +8663,9 @@
 CVE-2013-3265
 	RESERVED
 CVE-2013-3264 (The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for ...)
-	TODO: check
+	NOT-FOR-US: WP Ultimate Email Marketer
 CVE-2013-3263 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate ...)
-	TODO: check
+	NOT-FOR-US: WP Ultimate Email Marketer
 CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
 	NOT-FOR-US: WordPress plugin download-monitor
 CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
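Review bot: The two new lines for CVE-2013-3264 and CVE-2013-3263 use `NOT-FOR-US: WP Ultimate Email Marketer`, while the entry directly below for CVE-2013-3262 uses the form `NOT-FOR-US: WordPress plugin download-monitor`. Both descriptions say this is a WordPress plugin, so following the existing `WordPress plugin <name>` form would keep these entries consistent.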
@@ -9781,7 +9784,7 @@
 CVE-2013-2824
 	RESERVED
 CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
-	TODO: check
+	NOT-FOR-US: Catapult DNP3 I/O driver
 CVE-2013-2822
 	RESERVED
 CVE-2013-2821
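Review bot: The description of CVE-2013-2823 lists two affected products, "(1) Catapult DNP3 I/O driver" and "(2) GE ...", but the new line `NOT-FOR-US: Catapult DNP3 I/O driver` names only the first. Name the second product on the line as well so a search for either one finds the entry. The same applies to CVE-2013-2811 in the next hunk.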
@@ -9805,7 +9808,7 @@
 CVE-2013-2812
 	RESERVED
 CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
-	TODO: check
+	NOT-FOR-US: Catapult DNP3 I/O driver
 CVE-2013-2810
 	RESERVED
 CVE-2013-2809



