[Secure-testing-commits] r24069 - data/CVE
Yves-Alexis Perez
corsac at alioth.debian.org
Fri Oct 18 19:45:20 UTC 2013
Author: corsac
Date: 2013-10-18 19:45:20 +0000 (Fri, 18 Oct 2013)
New Revision: 24069
Modified:
data/CVE/list
Log:
and add fixed versions for python-crypto
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-18 19:43:49 UTC (rev 24068)
+++ data/CVE/list 2013-10-18 19:45:20 UTC (rev 24069)
@@ -1,21 +1,3 @@
-CVE-2013-XXXX [echoping buffer overflows]
- - echoping 6.0.2-4 (bug #606808)
- NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
- NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
- NOTE: http://xforce.iss.net/xforce/xfdb/64141
- NOTE: http://secunia.com/advisories/42619/
-CVE-2013-XXXX [slapd segfaults on certain queries with rwm overlay enabled]
- - openldap <unfixed>
- TODO: check
- NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
-CVE-2013-6167
- - iceweasel <unfixed> (low)
- NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
-CVE-2013-6166
- - chromium-browser <unfixed> (low)
- [squeeze] - chromium-browser <end-of-life>
- NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6063
RESERVED
CVE-2013-6062
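Review bot: the four entries deleted at the head of the file (the echoping buffer overflows with bug #606808, the openldap rwm overlay crash still marked `TODO: check`, CVE-2013-6167 for iceweasel and CVE-2013-6166 for chromium-browser) have nothing to do with the python-crypto change named in the log, and the diff base rev 24068 is less than two minutes older than this commit. That pattern is consistent with committing from a stale checkout and overwriting another triager's additions; update and merge before committing, and restore these entries together with their NOTE links and the openldap TODO.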
@@ -177,7 +159,6 @@
RESERVED
CVE-2013-5984
RESERVED
- NOT-FOR-US: Microweber
CVE-2013-5983
RESERVED
CVE-2013-5982
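Review bot: removing `NOT-FOR-US: Microweber` from CVE-2013-5984 discards a finished triage decision and leaves a bare RESERVED entry that will have to be looked at again; the line should stay.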
@@ -204,10 +185,8 @@
RESERVED
CVE-2013-5971
RESERVED
- NOT-FOR-US: VMware vSphere
CVE-2013-5970
RESERVED
- NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5969
RESERVED
CVE-2013-5968
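Review bot: the `NOT-FOR-US: VMware vSphere` and `NOT-FOR-US: VMware ESXi and ESX` lines on CVE-2013-5971 and CVE-2013-5970 are deleted without explanation; both are correct for packages not in Debian and should be kept.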
@@ -464,8 +443,6 @@
- openjdk-7 <unfixed>
CVE-2013-5850
RESERVED
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
CVE-2013-5849
RESERVED
- openjdk-6 <unfixed>
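Review bot: dropping `openjdk-6 <unfixed>` and `openjdk-7 <unfixed>` from CVE-2013-5850 hides an open OpenJDK issue from the tracker, while the identical marking on CVE-2013-5849 directly below is kept; there is no reason in the log for treating the two differently.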
@@ -476,18 +453,14 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5847
RESERVED
- NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5846
RESERVED
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5845
RESERVED
- NOT-FOR-US: Oracle iLearning
CVE-2013-5844
RESERVED
- - openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- - openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5843
RESERVED
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
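Review bot: CVE-2013-5844 loses its `openjdk-6/7 <not-affected> (JavaFX not part of OpenJDK)` lines while CVE-2013-5846 just above keeps the same determination, so the two entries become inconsistent; the Oracle PeopleSoft and iLearning `NOT-FOR-US` markings removed here were also valid and should be restored.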
@@ -497,7 +470,6 @@
- openjdk-7 <unfixed>
CVE-2013-5841
RESERVED
- NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5840
RESERVED
- openjdk-6 <unfixed>
@@ -514,10 +486,8 @@
NOT-FOR-US: Solaris
CVE-2013-5836
RESERVED
- NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5835
RESERVED
- NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5834
RESERVED
CVE-2013-5833
@@ -539,13 +509,10 @@
- openjdk-7 <unfixed>
CVE-2013-5828
RESERVED
- NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5827
RESERVED
- NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5826
RESERVED
- NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5825
RESERVED
- openjdk-6 <unfixed>
@@ -559,7 +526,6 @@
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
CVE-2013-5822
RESERVED
- NOT-FOR-US: Oracle iLearning
CVE-2013-5821
RESERVED
CVE-2013-5820
@@ -580,24 +546,20 @@
- openjdk-7 <unfixed>
CVE-2013-5816
RESERVED
- NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5815
RESERVED
- NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
CVE-2013-5813
RESERVED
- NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5812
RESERVED
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5811
RESERVED
- NOT-FOR-US: Oracle Industry Applications
CVE-2013-5810
RESERVED
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
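Review bot: besides the Oracle Fusion Middleware and Industry Applications `NOT-FOR-US` lines, this hunk removes `openjdk-6 <unfixed>` and `openjdk-7 <unfixed>` from CVE-2013-5814 and the `<not-affected> (Deployment components ...)` lines from CVE-2013-5812; all of these are existing triage results unrelated to python-crypto and should not be reverted.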
@@ -642,22 +604,18 @@
- openjdk-7 <unfixed>
CVE-2013-5799
RESERVED
- NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5798
RESERVED
- NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5797
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
CVE-2013-5796
RESERVED
- NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795
RESERVED
CVE-2013-5794
RESERVED
- NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5793
RESERVED
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
@@ -818,7 +776,7 @@
CVE-2013-5741
RESERVED
CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
- - vino 3.10.1-1 (low; bug #724545)
+ - vino <unfixed> (low; bug #724545)
[wheezy] - vino <no-dsa> (Minor issue)
[squeeze] - vino <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
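Review bot: `vino 3.10.1-1 (low; bug #724545)` is reverted to `vino <unfixed>`, moving an issue that was recorded as fixed in unstable back to open; keep the fixed version.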
@@ -3804,10 +3762,8 @@
CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal]
RESERVED
- libtar <unfixed>
-CVE-2013-4419 [insecure temporary directory handling for guestfish's network socket]
+CVE-2013-4419
RESERVED
- - libguestfs 1:1.22.7-1
- [wheezy] - libguestfs <no-dsa> (Minor issue)
CVE-2013-4418
RESERVED
CVE-2013-4417
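Review bot: CVE-2013-4419 is stripped of its description (`insecure temporary directory handling for guestfish's network socket`), the fixed version `libguestfs 1:1.22.7-1` and the `[wheezy] - libguestfs <no-dsa> (Minor issue)` annotation, leaving only a RESERVED placeholder; all three lines should remain.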
@@ -3907,11 +3863,7 @@
RESERVED
CVE-2013-4389
RESERVED
- - rails-4.0 <not-affected> (Only affects 3.x)
- ruby-actionmailer-3.2 <unfixed> (bug #726576)
- - ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
- - rails <not-affected> (Only affects 3.x)
- NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 [buffer overflow in the mp4a packetizer]
RESERVED
- vlc <unfixed> (bug #726528)
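Review bot: after this hunk CVE-2013-4389 keeps only `ruby-actionmailer-3.2 <unfixed> (bug #726576)`; the `<not-affected> (Only affects 3.x)` markings for rails, rails-4.0 and ruby-actionmailer-2.3 and the note that rails is a transitional package starting with 2.3.14.1 are gone, so those source packages will show as untriaged for this issue.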
@@ -4117,13 +4069,10 @@
NOT-FOR-US: Drupal module
CVE-2013-4335
RESERVED
- NOT-FOR-US: opOpenSocialPlugin
CVE-2013-4334
RESERVED
- NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333
RESERVED
- NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
- eglibc 2.17-93 (bug #722536)
CVE-2013-4331 [incorrect .Xauthority permissions]
@@ -4225,11 +4174,8 @@
- linux <unfixed>
[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
-CVE-2013-4299 [dm: dm-snapshot data leak]
+CVE-2013-4299
RESERVED
- - linux-2.6 <removed>
- - linux <unfixed>
- NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...)
- libvirt 1.1.2-2
[jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
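Review bot: CVE-2013-4299 loses its description (`dm: dm-snapshot data leak`), both package lines (`linux-2.6 <removed>`, `linux <unfixed>`) and the NOTE with the upstream fixing commit; a kernel issue with a known fix reverts to an empty RESERVED entry. Restore the block as it was in rev 24068.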
@@ -4299,7 +4245,7 @@
[wheezy] - nova <not-affected> (Affected code not present)
NOTE: incomplete fix for CVE-2013-2256
CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through ...)
- - subversion 1.7.13-1 (low; bug #721542)
+ - subversion <unfixed> (low; bug #721542)
[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
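Review bot: `subversion 1.7.13-1 (low; bug #721542)` is changed back to `subversion <unfixed>` on CVE-2013-4277 while the squeeze and wheezy `<no-dsa>` lines are kept; unless 1.7.13-1 did not actually fix the issue, which the log does not claim, the fixed version should stay.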
@@ -4310,12 +4256,10 @@
- lcms2 <not-affected> (Vulnerable code not present)
CVE-2013-4275
RESERVED
- NOT-FOR-US: Drupal contributed module Zen
CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal addon
CVE-2013-4273
RESERVED
- NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...)
NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
@@ -4796,7 +4740,7 @@
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
NOTE: only relevant with eglibc >= 2.17.
CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
- - subversion 1.7.13-1 (bug #717794)
+ - subversion <unfixed> (bug #717794)
[squeeze] - subversion <not-affected> (Only affects >= 1.7)
[wheezy] - subversion <not-affected> (Only affects >= 1.7)
CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) ...)
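Review bot: same regression as for CVE-2013-4277: `subversion 1.7.13-1 (bug #717794)` on CVE-2013-4131 is reverted to `<unfixed>` with no justification in the log.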
@@ -7543,79 +7487,58 @@
CVE-2013-2928
RESERVED
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2927
RESERVED
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2926
RESERVED
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2925
RESERVED
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
- icu <unfixed> (bug #726477)
CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before ...)
TODO: check
CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
- libv8 <unfixed>
- libv8-3.14 <unfixed>
CVE-2013-2918 (Use-after-free vulnerability in the ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in ...)
- chromium-browser <unfixed>
CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote ...)
- [squeeze] - chromium-browser <end-of-life>
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
TODO: Might affect libxml2
CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet ...)
- chromium-browser <unfixed>
TODO: Might affect libxslt
CVE-2013-2910 (Use-after-free vulnerability in ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...)
- chromium-browser <unfixed>
- [squeeze] - chromium-browser <end-of-life>
CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
{DSA-2741-1}
- chromium-browser 29.0.1547.57-1
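Review bot: every `[squeeze] - chromium-browser <end-of-life>` line from CVE-2013-2908 up to CVE-2013-2928 is removed, and so are `icu <unfixed> (bug #726477)` on CVE-2013-2924 and `libv8 <unfixed>` / `libv8-3.14 <unfixed>` on CVE-2013-2919; the latter two track separate source packages whose exposure is lost entirely. When restoring, note that the base text carried the squeeze line twice for CVE-2013-2916 (once before and once after `- chromium-browser <unfixed>`) and not at all for CVE-2013-2917 and CVE-2013-2911; one line per entry is the intended form.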
@@ -9621,7 +9544,6 @@
RESERVED
CVE-2013-2186
RESERVED
- - libcommons-fileupload-java <unfixed> (bug #726601)
CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
RESERVED
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
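Review bot: `libcommons-fileupload-java <unfixed> (bug #726601)` on CVE-2013-2186 is the only Debian package mapping for that issue and carries the bug reference; deleting it leaves the CVE looking untriaged.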
@@ -9920,7 +9842,6 @@
RESERVED
CVE-2013-2102
RESERVED
- NOT-FOR-US: GateIn Portal
CVE-2013-2101
RESERVED
CVE-2013-2100
@@ -11134,17 +11055,10 @@
RESERVED
CVE-2013-1744
RESERVED
-CVE-2013-1743 [Cross-Site Scripting]
+CVE-2013-1743
RESERVED
- - bugzilla <not-affected> (Only affects 4.1 to 4.4)
- - bugzilla4 <itp> (bug #669643)
- NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924932
-CVE-2013-1742 [Cross-Site Scripting]
+CVE-2013-1742
RESERVED
- - bugzilla <removed> (low)
- [squeeze] - bugzilla <no-dsa> (Minor issue)
- - bugzilla4 <itp> (bug #669643)
- NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741
RESERVED
CVE-2013-1740
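Review bot: CVE-2013-1743 and CVE-2013-1742 lose their `[Cross-Site Scripting]` descriptions, the `bugzilla <not-affected> (Only affects 4.1 to 4.4)` / `bugzilla <removed> (low)` assessments, the squeeze `<no-dsa>` line, the `bugzilla4 <itp> (bug #669643)` references and both Mozilla bug URLs; none of this is related to the log message and it should be restored.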
@@ -11183,17 +11097,10 @@
[squeeze] - icedove <end-of-life>
- iceape <unfixed>
[squeeze] - iceape <end-of-life>
-CVE-2013-1734 [Cross-Site Request Forgery]
+CVE-2013-1734
RESERVED
- - bugzilla <removed> (low)
- [squeeze] - bugzilla <no-dsa> (Minor issue)
- - bugzilla4 <itp> (bug #669643)
- NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=913904
-CVE-2013-1733 [Cross-Site Request Forgery]
+CVE-2013-1733
RESERVED
- - bugzilla <not-affected> (Only affects 4.4)
- - bugzilla4 <itp> (bug #669643)
- NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1732 (Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla ...)
{DSA-2762-1 DSA-2759-1}
- iceweasel 24.0-1
@@ -12192,9 +12099,9 @@
RESERVED
CVE-2013-1446
RESERVED
-CVE-2013-1445 [PRNG not correctly reseeded in some situations]
- RESERVED
+CVE-2013-1445 [python-crypto PRNG not correctly reseeded in some situation]
- python-crypto 2.6.1-1
+ RESERVED
CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...)
- txt2man 1.5.5-4.1 (bug #724614)
[wheezy] - txt2man <no-dsa> (Minor issue)
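Review bot: the resulting CVE-2013-1445 entry places `RESERVED` after the `- python-crypto 2.6.1-1` package line instead of directly under the CVE header, which is the order used everywhere else in the file (compare CVE-2013-1446 / RESERVED just above); the entry should read
`CVE-2013-1445 [python-crypto PRNG not correctly reseeded in some situations]`
`	RESERVED`
`	- python-crypto 2.6.1-1`.
The description edit also changes "situations" to "situation", a grammar regression, and since the `python-crypto 2.6.1-1` line is unchanged context the fixed version the log says it adds was already recorded in rev 24068.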
@@ -13096,7 +13003,6 @@
RESERVED
CVE-2013-1056
RESERVED
- - xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
CVE-2013-1055
RESERVED
CVE-2013-1054
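Review bot: the `xorg-server <not-affected>` line, with the Ubuntu security link explaining that CVE-2013-1056 is an Ubuntu-specific patch, is removed, so the issue reverts to needing triage; keep it.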
@@ -22480,10 +22386,8 @@
RESERVED
CVE-2012-4113
RESERVED
- NOT-FOR-US: Cisco
CVE-2012-4112
RESERVED
- NOT-FOR-US: Cisco
CVE-2012-4111 (The create certreq command in the fabric-interconnect component in ...)
NOT-FOR-US: Cisco
CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco Unified ...)
@@ -50124,13 +50028,11 @@
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 29.0.1547.57-1
- [squeeze] - chromium-browser <end-of-life>
NOTE: fixed much earlier in chromium, but this was the version checked
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
- webkit 1.2.6-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 29.0.1547.57-1
- [squeeze] - chromium-browser <end-of-life>
NOTE: fixed much earlier in chromium, but this was the version checked
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
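Review bot: the `[squeeze] - chromium-browser <end-of-life>` lines on the webkit entry above and on CVE-2010-3812 are removed while the `chromium-browser 29.0.1547.57-1` fixed version and the "fixed much earlier in chromium" notes stay; the end-of-life marking for squeeze is unrelated to python-crypto and should remain.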
@@ -64216,7 +64118,7 @@
- tomcat-native 1.1.18-1
[lenny] - tomcat-native <no-dsa> (Minor issue)
- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
- - polarssl 1.3.1-1 (bug #704946)
+ - polarssl <undetermined> (bug #704946)
- classpath <removed>
- zorp 3.9.2-1
[squeeze] - zorp <no-dsa> (Minor issue)
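Review bot: `polarssl 1.3.1-1 (bug #704946)` is replaced by `polarssl <undetermined>`, which replaces a concrete fixed version with an unknown; if 1.3.1-1 was recorded in error the log should say so, otherwise this is another lost update and the version should be restored.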