[Secure-testing-commits] r23980 - in data: . CVE

Sat Oct 12 15:07:35 UTC 2013

Author: thijs
Date: 2013-10-12 15:07:35 +0000 (Sat, 12 Oct 2013)
New Revision: 23980

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
stable point release 7.2


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2013-10-12 14:07:36 UTC (rev 23979)
+++ data/CVE/list	2013-10-12 15:07:35 UTC (rev 23980)
@@ -2559,7 +2559,7 @@
 	RESERVED
 	- nmap 6.40-0.1 (low; bug #719289)
 	[squeeze] - nmap <not-affected> (Vulnerable code not present)
-	[wheezy] - nmap <no-dsa> (Minor issue)
+	[wheezy] - nmap 6.00-0.3+deb7u1
 CVE-2013-4884
 	RESERVED
 CVE-2013-5217
@@ -3873,7 +3873,7 @@
 	- linux-2.6 <not-affected> (Introduced in 3.8)
 CVE-2013-4342 (xinetd does not enforce the user and group configuration directives ...)
 	- xinetd 1:2.3.15-2 (bug #324678)
-	[wheezy] - xinetd <no-dsa> (Minor issue)
+	[wheezy] - xinetd 1:2.3.14-7.1+deb7u1
 	[squeeze] - xinetd <no-dsa> (Minor issue)
 CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
 	- moodle 2.5.2-1
@@ -4585,7 +4585,7 @@
 	- linux-2.6 <not-affected> (Introduced in 3.7)
 CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...)
 	- samba 2:3.6.17-1 (low)
-	[wheezy] - samba <no-dsa> (Minor issue)
+	[wheezy] - samba 2:3.6.6-6+deb7u1
 	[squeeze] - samba <no-dsa> (Minor issue)
 	- samba4 <unfixed> (low)
 	[wheezy] - samba4 <no-dsa> (Minor issue)
@@ -7361,6 +7361,7 @@
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) ...)
 	- linux 3.10.11-1 (low)
+	[wheezy] - linux 3.2.51-1
 	- linux-2.6 <not-affected> (driver introduced in 2.6.35)
 CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) ...)
 	- linux 3.10.11-1 (low)
@@ -7371,6 +7372,7 @@
 	- linux-2.6 <not-affected> (driver introduced in 2.6.38)
 CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...)
 	- linux 3.10.11-1 (low)
+	[wheezy] - linux 3.2.51-1
 	- linux-2.6 <not-affected> (Vulnerable feature probing code not present)
 CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) ...)
 	- linux <unfixed> (low)
@@ -7385,6 +7387,7 @@
 CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...)
 	{DSA-2766-1}
 	- linux 3.10.11-1 (low)
+	[wheezy] - linux 3.2.51-1
 	- linux-2.6 <removed> (low)
 CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) ...)
 	- linux <unfixed> (low)
@@ -7400,6 +7403,7 @@
 	{DSA-2766-1}
 	- linux 3.10.11-1
 	- linux-2.6 <removed>
+	[wheezy] - linux 3.2.51-1
 CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2741-1}
 	- chromium-browser 29.0.1547.57-1
@@ -9422,6 +9426,7 @@
 CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift ...)
 	{DSA-2737-1}
 	- swift 1.8.0-6 (low; bug #712202)
+	[wheezy] - swift 1.4.8-2+deb7u1
 CVE-2013-2160 (Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before ...)
 	NOT-FOR-US: Apache CXF
 CVE-2013-2159 [monkey broken authentication]
@@ -9470,7 +9475,7 @@
 	[wheezy] - linux 3.2.46-1
 CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
 	- libmodule-signature-perl 0.73-1 (bug #711239)
-	[wheezy] - libmodule-signature-perl <no-dsa> (Minor issue)
+	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
 	[squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
 CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
 	NOT-FOR-US: RHEV Manager
@@ -9865,7 +9870,7 @@
 	RESERVED
 	- python-httplib2 0.8-2 (low; bug #706602)
 	[squeeze] - python-httplib2 <no-dsa> (Minor issue)
-	[wheezy] - python-httplib2 <no-dsa> (Minor issue)
+	[wheezy] - python-httplib2 0.7.4-2+deb7u1
 	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
 CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module ...)
 	NOT-FOR-US: Drupal module Filebrowser
@@ -9965,7 +9970,7 @@
 	NOTE: fixed in 2013.1-1 for experimental
 CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
 	- python-keystoneclient 1:0.2.5-1 (bug #709535)
-	[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
+	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
 	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
 	NOTE: https://review.openstack.org/28702
 CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install]
@@ -11929,7 +11934,7 @@
 	[wheezy] - perl <not-affected> (Bug was introduced later)
 	[squeeze] - perl <not-affected> (Does not yet contain Module::Metadata)
 	- libmodule-metadata-perl 1.000015-1
-	[wheezy] - libmodule-metadata-perl <no-dsa> (Documentation issue)
+	[wheezy] - libmodule-metadata-perl 1.000009-1+deb7u1
 	NOTE: this is by 'design', but previous to version Module::Metadata 1.000015
 	NOTE: the statement was This module provides a standard way to gather metadata
 	NOTE: about a .pm file *without* executing unsafe code.
@@ -11937,7 +11942,7 @@
 	RESERVED
 	- xmonad-contrib 0.11.2-1 (low)
 	[squeeze] - xmonad-contrib <no-dsa> (Minor issue)
-	[wheezy] - xmonad-contrib <no-dsa> (Minor issue)
+	[wheezy] - xmonad-contrib 0.10-4~deb7u1
 CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote ...)
 	{DSA-2739-1}
 	- cacti 0.8.8b+dfsg-1
@@ -15057,6 +15062,7 @@
 	RESERVED
 CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
 	- linux 3.10.11-1 (low)
+	[wheezy] - linux 3.2.51-1
 	- linux-2.6 <removed> (low)
 CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS]
 	RESERVED
@@ -18170,7 +18176,7 @@
 CVE-2012-5524
 	RESERVED
 	- gajim 0.15.4-1 (low; bug #693282)
-	[wheezy] - gajim <no-dsa> (Minor issue)
+	[wheezy] - gajim 0.15.1-4.1
 	[squeeze] - gajim <no-dsa> (Minor issue)
 CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
 	- mantis 1.2.11-1.2 (bug #693283)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2013-10-12 14:07:36 UTC (rev 23979)
+++ data/next-point-update.txt	2013-10-12 15:07:35 UTC (rev 23980)
@@ -1,32 +1,2 @@
-CVE-2013-2145
-	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
 CVE-2013-2096
 	[wheezy] - nova 2012.1.1-18+deb7u1
-CVE-2013-2013
-	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
-CVE-2013-2161
-	[wheezy] - swift 1.4.8-2+deb7u1
-CVE-2013-1436
-	[wheezy] - xmonad-contrib 0.10-4~deb7u1
-CVE-2013-4124
-	[wheezy] - samba 2:3.6.6-6+deb7u1
-CVE-2013-4885
-	[wheezy] - nmap 6.00-0.3+deb7u1
-CVE-2013-2037
-	[wheezy] - python-httplib2 0.7.4-2+deb7u1
-CVE-2013-1437
-	[wheezy] - libmodule-metadata-perl 1.000009-1+deb7u1
-CVE-2012-5524
-	[wheezy] - gajim 0.15.1-4.1
-CVE-2013-0343
-	[wheezy] - linux 3.2.51-1
-CVE-2013-2888
-	[wheezy] - linux 3.2.51-1
-CVE-2013-2892
-	[wheezy] - linux 3.2.51-1
-CVE-2013-2896
-	[wheezy] - linux 3.2.51-1
-CVE-2013-2899
-	[wheezy] - linux 3.2.51-1
-CVE-2013-4342
-	[wheezy] - xinetd 1:2.3.14-7.1+deb7u1


