[Secure-testing-commits] r24028 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Oct 16 13:10:35 UTC 2013
Author: jmm
Date: 2013-10-16 13:10:34 +0000 (Wed, 16 Oct 2013)
New Revision: 24028
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
dropbear no-dsa
DSAs needed for openjdk
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-16 11:25:31 UTC (rev 24027)
+++ data/CVE/list 2013-10-16 13:10:34 UTC (rev 24028)
@@ -3676,7 +3676,9 @@
- salt <unfixed> (bug #726480)
CVE-2013-4434 [dropbear: avoid disclosing existence of valid users through inconsistent delays]
RESERVED
- - dropbear <unfixed> (bug #726118)
+ - dropbear <unfixed> (low; bug #726118)
+ [squeeze] - dropbear <no-dsa> (Minor issue)
+ [wheezy] - dropbear <no-dsa> (Minor issue)
CVE-2013-4433 [xhprof: unspecified XSS]
RESERVED
- xhprof <unfixed> (bug #726284)
@@ -3720,7 +3722,9 @@
- quassel <not-affected> (Postgres support not enabled in Debian, see #552374)
CVE-2013-4421 [memory exhaustion denial of service]
RESERVED
- - dropbear <unfixed> (bug #726019)
+ - dropbear <unfixed> (low; bug #726019)
+ [squeeze] - dropbear <no-dsa> (Minor issue)
+ [wheezy] - dropbear <no-dsa> (Minor issue)
NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal]
RESERVED
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-10-16 11:25:31 UTC (rev 24027)
+++ data/dsa-needed.txt 2013-10-16 13:10:34 UTC (rev 24028)
@@ -63,6 +63,10 @@
openjpeg
patches are not yet avaialble
--
+openjdk6
+--
+openjdk7/stable
+--
openoffice.org/oldstable
--
openswan
More information about the Secure-testing-commits
mailing list