[Secure-testing-commits] r24190 - data/CVE

[Michael Gilbert]

Author: mgilbert
Date: 2013-10-27 22:06:14 +0000 (Sun, 27 Oct 2013)
New Revision: 24190

Modified:
   data/CVE/list
Log:
systemd info

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-27 21:24:25 UTC (rev 24189)
+++ data/CVE/list	2013-10-27 22:06:14 UTC (rev 24190)
@@ -4188,25 +4188,25 @@
 CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions]
 	RESERVED
 	{DSA-2777-1}
-	- systemd <unfixed> (bug #725357)
+	- systemd 204-5 (bug #725357)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
 	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
 CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file]
 	RESERVED
-	- systemd <unfixed> (bug #725357)
+	- systemd 204-5 (bug #725357)
 	[wheezy] - systemd <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
 	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
 CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts]
 	RESERVED
-	- systemd <unfixed> (bug #725357)
+	- systemd <unfixed> (low; bug #725357)
 	[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
+	TODO: no useful information available yet, recheck later
 CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages]
 	RESERVED
 	{DSA-2777-1}
-	- systemd <unfixed> (bug #725357)
-	[wheezy] - systemd <not-affected> (Vulnerable code not present)
+	- systemd 204-5 (bug #725357)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
 	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
 CVE-2013-4390