[Secure-testing-commits] r24069 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Fri Oct 18 19:45:20 UTC 2013


Author: corsac
Date: 2013-10-18 19:45:20 +0000 (Fri, 18 Oct 2013)
New Revision: 24069

Modified:
   data/CVE/list
Log:
and add fixed versions for python-crypto


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-18 19:43:49 UTC (rev 24068)
+++ data/CVE/list	2013-10-18 19:45:20 UTC (rev 24069)
@@ -1,21 +1,3 @@
-CVE-2013-XXXX [echoping buffer overflows]
-	- echoping 6.0.2-4 (bug #606808)
-	NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
-	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
-	NOTE: http://xforce.iss.net/xforce/xfdb/64141
-	NOTE: http://secunia.com/advisories/42619/
-CVE-2013-XXXX [slapd segfaults on certain queries with rwm overlay enabled]
-	- openldap <unfixed>
-	TODO: check
-	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
-CVE-2013-6167
-	- iceweasel <unfixed> (low)
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
-CVE-2013-6166
-	- chromium-browser <unfixed> (low)
-	[squeeze] - chromium-browser <end-of-life>
-	NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
 CVE-2013-6063
 	RESERVED
 CVE-2013-6062
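Review bot: the four entries deleted at the top of the file (the echoping and openldap CVE-2013-XXXX placeholders, CVE-2013-6167 and CVE-2013-6166) have nothing to do with the python-crypto change the log describes, and their removal also throws away the openldap TODO and every NOTE: URL attached to them. The diff is against rev 24068 and the rest of the patch removes many other recent additions, so this looks like a commit from a working copy that was not updated before committing; please svn up, re-apply only the python-crypto change and recommit so these entries come back.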
@@ -177,7 +159,6 @@
 	RESERVED
 CVE-2013-5984
 	RESERVED
-	NOT-FOR-US: Microweber
 CVE-2013-5983
 	RESERVED
 CVE-2013-5982
@@ -204,10 +185,8 @@
 	RESERVED
 CVE-2013-5971
 	RESERVED
-	NOT-FOR-US: VMware vSphere
 CVE-2013-5970
 	RESERVED
-	NOT-FOR-US: VMware ESXi and ESX
 CVE-2013-5969
 	RESERVED
 CVE-2013-5968
@@ -464,8 +443,6 @@
 	- openjdk-7 <unfixed>
 CVE-2013-5850
 	RESERVED
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
 CVE-2013-5849
 	RESERVED
 	- openjdk-6 <unfixed>
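Review bot: dropping `- openjdk-6 <unfixed>` and `- openjdk-7 <unfixed>` under CVE-2013-5850 leaves a bare RESERVED entry with no package assessment, while the neighbouring CVE-2013-5849 keeps the same two lines; unless a triage decision changed, this is a regression from the stale base and the two lines should be restored.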
@@ -476,18 +453,14 @@
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-5847
 	RESERVED
-	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5846
 	RESERVED
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2013-5845
 	RESERVED
-	NOT-FOR-US: Oracle iLearning
 CVE-2013-5844
 	RESERVED
-	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
-	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2013-5843
 	RESERVED
 	TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
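Review bot: CVE-2013-5844 loses its `<not-affected> (JavaFX not part of OpenJDK)` lines for openjdk-6 and openjdk-7, while CVE-2013-5846 just above keeps identical ones; nothing in the log justifies undoing that triage, so put the two lines back so the entry does not fall back into the untriaged pool.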
@@ -497,7 +470,6 @@
 	- openjdk-7 <unfixed>
 CVE-2013-5841
 	RESERVED
-	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5840
 	RESERVED
 	- openjdk-6 <unfixed>
@@ -514,10 +486,8 @@
 	NOT-FOR-US: Solaris
 CVE-2013-5836
 	RESERVED
-	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5835
 	RESERVED
-	NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5834
 	RESERVED
 CVE-2013-5833
@@ -539,13 +509,10 @@
 	- openjdk-7 <unfixed>
 CVE-2013-5828
 	RESERVED
-	NOT-FOR-US: Oracle Enterprise Manager Grid Control
 CVE-2013-5827
 	RESERVED
-	NOT-FOR-US: Oracle Enterprise Manager Grid Control
 CVE-2013-5826
 	RESERVED
-	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-5825
 	RESERVED
 	- openjdk-6 <unfixed>
@@ -559,7 +526,6 @@
 	TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
 CVE-2013-5822
 	RESERVED
-	NOT-FOR-US: Oracle iLearning
 CVE-2013-5821
 	RESERVED
 CVE-2013-5820
@@ -580,24 +546,20 @@
 	- openjdk-7 <unfixed>
 CVE-2013-5816
 	RESERVED
-	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5815
 	RESERVED
-	NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
 CVE-2013-5814
 	RESERVED
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 CVE-2013-5813
 	RESERVED
-	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5812
 	RESERVED
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-5811
 	RESERVED
-	NOT-FOR-US: Oracle Industry Applications
 CVE-2013-5810
 	RESERVED
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
@@ -642,22 +604,18 @@
 	- openjdk-7 <unfixed>
 CVE-2013-5799
 	RESERVED
-	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-5798
 	RESERVED
-	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-5797
 	RESERVED
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 CVE-2013-5796
 	RESERVED
-	NOT-FOR-US: Oracle Siebel CRM
 CVE-2013-5795
 	RESERVED
 CVE-2013-5794
 	RESERVED
-	NOT-FOR-US: Oracle PeopleSoft Products
 CVE-2013-5793
 	RESERVED
 	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
@@ -818,7 +776,7 @@
 CVE-2013-5741
 	RESERVED
 CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
-	- vino 3.10.1-1 (low; bug #724545)
+	- vino <unfixed> (low; bug #724545)
 	[wheezy] - vino <no-dsa> (Minor issue)
 	[squeeze] - vino <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
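Review bot: `- vino 3.10.1-1 (low; bug #724545)` is changed back to `- vino <unfixed>`, which tells the tracker that the fix has disappeared from unstable; the log only claims to add a python-crypto fixed version, so this reads as a stale-checkout revert rather than a deliberate downgrade, and the fixed version should be restored.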
@@ -3804,10 +3762,8 @@
 CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal]
 	RESERVED
 	- libtar <unfixed>
-CVE-2013-4419 [insecure temporary directory handling for guestfish's network socket]
+CVE-2013-4419
 	RESERVED
-	- libguestfs 1:1.22.7-1
-	[wheezy] - libguestfs <no-dsa> (Minor issue)
 CVE-2013-4418
 	RESERVED
 CVE-2013-4417
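Review bot: CVE-2013-4419 loses its description, the `libguestfs 1:1.22.7-1` fixed version and the wheezy `<no-dsa> (Minor issue)` annotation in one go, leaving only RESERVED; a verified fixed version being dropped means the issue will be triaged again from scratch, so please restore all three lines.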
@@ -3907,11 +3863,7 @@
 	RESERVED
 CVE-2013-4389
 	RESERVED
-	- rails-4.0 <not-affected> (Only affects 3.x)
 	- ruby-actionmailer-3.2 <unfixed> (bug #726576)
-	- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
-	- rails <not-affected> (Only affects 3.x)
-	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-4388 [buffer overflow in the mp4a packetizer]
 	RESERVED
 	- vlc <unfixed> (bug #726528)
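Review bot: CVE-2013-4389 keeps only the `ruby-actionmailer-3.2 <unfixed>` line and loses the `<not-affected> (Only affects 3.x)` entries for rails-4.0, ruby-actionmailer-2.3 and rails, plus the NOTE explaining that rails is a transition package since 2.3.14.1; without those lines the tracker will again flag the unaffected packages, so they should be reinstated.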
@@ -4117,13 +4069,10 @@
 	NOT-FOR-US: Drupal module
 CVE-2013-4335
 	RESERVED
-	NOT-FOR-US: opOpenSocialPlugin
 CVE-2013-4334
 	RESERVED
-	NOT-FOR-US: opWebAPIPlugin
 CVE-2013-4333
 	RESERVED
-	NOT-FOR-US: OpenPNE
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
 	- eglibc 2.17-93 (bug #722536)
 CVE-2013-4331 [incorrect .Xauthority permissions]
@@ -4225,11 +4174,8 @@
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
 	- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
-CVE-2013-4299 [dm: dm-snapshot data leak]
+CVE-2013-4299
 	RESERVED
-	- linux-2.6 <removed>
-	- linux <unfixed>
-	NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
 CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...)
 	- libvirt 1.1.2-2
 	[jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
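Review bot: the CVE-2013-4299 entry is stripped of its description, the `linux-2.6 <removed>` / `linux <unfixed>` package lines and the NOTE pointing at upstream commit e9c6a182649f4259db704ae15a91ac820e63b0ca; that commit reference is the only pointer the tracker had for the dm-snapshot fix and should not be discarded as a side effect of an unrelated change.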
@@ -4299,7 +4245,7 @@
 	[wheezy] - nova <not-affected> (Affected code not present)
 	NOTE: incomplete fix for CVE-2013-2256
 CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through ...)
-	- subversion 1.7.13-1 (low; bug #721542)
+	- subversion <unfixed> (low; bug #721542)
 	[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
 	[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
 	NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
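Review bot: `subversion 1.7.13-1` becomes `<unfixed>` here (and again under CVE-2013-4131 later in the patch), which reopens two issues already recorded as fixed in 1.7.13-1 while the log says nothing about subversion; restore the fixed version in both places.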
@@ -4310,12 +4256,10 @@
 	- lcms2 <not-affected> (Vulnerable code not present)
 CVE-2013-4275
 	RESERVED
-	NOT-FOR-US: Drupal contributed module Zen
 CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
 	NOT-FOR-US: Drupal addon
 CVE-2013-4273
 	RESERVED
-	NOT-FOR-US: Drupal contributed module Entity API
 CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...)
 	NOT-FOR-US: Drupal addon
 CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
@@ -4796,7 +4740,7 @@
 	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
 	NOTE: only relevant with eglibc >= 2.17.
 CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
-	- subversion 1.7.13-1 (bug #717794)
+	- subversion <unfixed> (bug #717794)
 	[squeeze] - subversion <not-affected> (Only affects >= 1.7)
 	[wheezy] - subversion <not-affected> (Only affects >= 1.7)
 CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) ...)
@@ -7543,79 +7487,58 @@
 CVE-2013-2928
 	RESERVED
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2927
 	RESERVED
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2926
 	RESERVED
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2925
 	RESERVED
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 	- icu <unfixed> (bug #726477)
 CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	TODO: check
 CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <unfixed>
 	- libv8-3.14 <unfixed>
 CVE-2013-2918 (Use-after-free vulnerability in the ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in ...)
 	- chromium-browser <unfixed>
 CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote ...)
-	[squeeze] - chromium-browser <end-of-life>
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 	TODO: Might affect libxml2
 CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet ...)
 	- chromium-browser <unfixed>
 	TODO: Might affect libxslt
 CVE-2013-2910 (Use-after-free vulnerability in ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...)
 	- chromium-browser <unfixed>
-	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
 	{DSA-2741-1}
 	- chromium-browser 29.0.1547.57-1
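Review bot: every `[squeeze] - chromium-browser <end-of-life>` line in this region is removed, so for each of these CVEs squeeze goes back to being counted as affected and unhandled instead of end-of-life; the only line that deserved attention was the duplicated `[squeeze]` annotation under CVE-2013-2916, and that is fixed by removing one copy, not both.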
@@ -9621,7 +9544,6 @@
 	RESERVED
 CVE-2013-2186
 	RESERVED
-	- libcommons-fileupload-java <unfixed> (bug #726601)
 CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
 	RESERVED
 	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
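Review bot: CVE-2013-2186 loses `- libcommons-fileupload-java <unfixed> (bug #726601)`, which is the only package reference and the only bug number the tracker holds for this issue; dropping it silently hides an open unfixed entry, so it should come back.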
@@ -9920,7 +9842,6 @@
 	RESERVED
 CVE-2013-2102
 	RESERVED
-	NOT-FOR-US: GateIn Portal
 CVE-2013-2101
 	RESERVED
 CVE-2013-2100
@@ -11134,17 +11055,10 @@
 	RESERVED
 CVE-2013-1744
 	RESERVED
-CVE-2013-1743 [Cross-Site Scripting]
+CVE-2013-1743
 	RESERVED
-	- bugzilla <not-affected> (Only affects 4.1 to 4.4)
-	- bugzilla4 <itp> (bug #669643)
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924932
-CVE-2013-1742 [Cross-Site Scripting]
+CVE-2013-1742
 	RESERVED
-	- bugzilla <removed> (low)
-	[squeeze] - bugzilla <no-dsa> (Minor issue)
-	- bugzilla4 <itp> (bug #669643)
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
 CVE-2013-1741
 	RESERVED
 CVE-2013-1740
@@ -11183,17 +11097,10 @@
 	[squeeze] - icedove <end-of-life>
 	- iceape <unfixed>
 	[squeeze] - iceape <end-of-life>
-CVE-2013-1734 [Cross-Site Request Forgery]
+CVE-2013-1734
 	RESERVED
-	- bugzilla <removed> (low)
-	[squeeze] - bugzilla <no-dsa> (Minor issue)
-	- bugzilla4 <itp> (bug #669643)
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=913904
-CVE-2013-1733 [Cross-Site Request Forgery]
+CVE-2013-1733
 	RESERVED
-	- bugzilla <not-affected> (Only affects 4.4)
-	- bugzilla4 <itp> (bug #669643)
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=911593
 CVE-2013-1732 (Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla ...)
 	{DSA-2762-1 DSA-2759-1}
 	- iceweasel 24.0-1
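Review bot: CVE-2013-1733 and CVE-2013-1734 lose their descriptions, the bugzilla / bugzilla4 package lines (including the `<itp>` reference to bug #669643 and the squeeze `<no-dsa>` annotation) and the bugzilla.mozilla.org NOTE URLs, and the previous hunk does the same to CVE-2013-1742 and CVE-2013-1743. Nothing in the log covers bugzilla, so this is triage data loss from the stale base and should be reverted.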
@@ -12192,9 +12099,9 @@
 	RESERVED
 CVE-2013-1446
 	RESERVED
-CVE-2013-1445 [PRNG not correctly reseeded in some situations]
-	RESERVED
+CVE-2013-1445 [python-crypto PRNG not correctly reseeded in some situation]
 	- python-crypto 2.6.1-1
+	RESERVED
 CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...)
 	- txt2man 1.5.5-4.1 (bug #724614)
 	[wheezy] - txt2man <no-dsa> (Minor issue)
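Review bot: `RESERVED` is moved below the `- python-crypto 2.6.1-1` package line, but in data/CVE/list the RESERVED marker follows the CVE line directly, before any package entries, as every other entry in this patch shows (CVE-2013-1446 just above, for instance); keep the original order and change only the bracketed description. Note also that `2.6.1-1` appears here as unchanged context, so the hunk does not actually add the fixed version the log claims to add.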
@@ -13096,7 +13003,6 @@
 	RESERVED
 CVE-2013-1056
 	RESERVED
-	- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
 CVE-2013-1055
 	RESERVED
 CVE-2013-1054
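Review bot: the `xorg-server <not-affected>` line under CVE-2013-1056 is removed together with its justification (Ubuntu-specific patch, with the people.canonical.com reference), so the issue will be re-flagged for xorg-server although the reason it does not apply is already known; restore the line.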
@@ -22480,10 +22386,8 @@
 	RESERVED
 CVE-2012-4113
 	RESERVED
-	NOT-FOR-US: Cisco
 CVE-2012-4112
 	RESERVED
-	NOT-FOR-US: Cisco
 CVE-2012-4111 (The create certreq command in the fabric-interconnect component in ...)
 	NOT-FOR-US: Cisco
 CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco Unified ...)
@@ -50124,13 +50028,11 @@
 	- webkit 1.2.6-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
 	- chromium-browser 29.0.1547.57-1
-	[squeeze] - chromium-browser <end-of-life>
 	NOTE: fixed much earlier in chromium, but this was the version checked
 CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
 	- webkit 1.2.6-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
 	- chromium-browser 29.0.1547.57-1
-	[squeeze] - chromium-browser <end-of-life>
 	NOTE: fixed much earlier in chromium, but this was the version checked
 	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
 CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
@@ -64216,7 +64118,7 @@
 	- tomcat-native 1.1.18-1
 	[lenny] - tomcat-native <no-dsa> (Minor issue)
 	- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
-	- polarssl 1.3.1-1 (bug #704946)
+	- polarssl <undetermined> (bug #704946)
 	- classpath <removed>
 	- zorp 3.9.2-1
 	[squeeze] - zorp <no-dsa> (Minor issue)
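Review bot: `polarssl 1.3.1-1 (bug #704946)` is downgraded to `<undetermined>`, which reopens the TLS renegotiation entry for polarssl in unstable even though a fixed version had been recorded; like the other reverted fixed versions in this patch it is not mentioned in the log and should be restored.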
