[Secure-testing-commits] r23529 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Sep 3 12:04:56 UTC 2013 

Author: jmm
Date: 2013-09-03 12:04:55 +0000 (Tue, 03 Sep 2013)
New Revision: 23529

Modified:
   data/CVE/list
Log:
two kernel issues not in oldstable
two kernel issues specific to RHEL


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-09-03 07:42:16 UTC (rev 23528)
+++ data/CVE/list	2013-09-03 12:04:55 UTC (rev 23529)
@@ -5462,7 +5462,7 @@
 	[wheezy] - linux <not-affected> (Introduced in 3.7)
 CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows ...)
 	{DSA-2669-1}
-	- linux-2.6 <removed> (low)
+	- linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux 3.8.11-1 (low)
 	NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
 	NOTE: Not enabled in default kernels
@@ -8394,7 +8394,7 @@
 	- linux-2.6 <removed> (low)
 	- linux <unfixed> (low)
 CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before ...)
-	- linux-2.6 <removed>
+	- linux-2.6 <not-affected> (Introduced in 3.1)
 	- linux 3.9.4-1
 	[wheezy] - linux 3.2.46-1
 CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
@@ -9118,8 +9118,8 @@
 	[wheezy] - curl 7.26.0-1+wheezy2
 	NOTE: http://curl.haxx.se/docs/adv_20130412.html
 CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check ...)
-	- linux 3.0-1
-	- linux-2.6 <removed>
+	- linux <not-affected> (RHEL-specific backport regression)
+	- linux-2.6 <not-affected> (RHEL-specific backport regression)
 CVE-2013-1942 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
 	- owncloud <not-affected> (Depends on libjs-jquery-jplayer)
 	- jquery-jplayer 2.1.0-2
@@ -9147,9 +9147,8 @@
 CVE-2013-1936
 	RESERVED
 CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...)
-	- linux <unfixed>
-	- linux-2.6 <removed>
-	NOTE: Might be RHEL-specific, contacted Red Hat
+	- linux <not-affected> (RHEL-specific backport regression)
+	- linux-2.6 <not-affected> (RHEL-specific backport regression)
 CVE-2013-1934 [mantis: XSS issue in adm_config_report.php when displaying complex value]
 	RESERVED
 	- mantis <unfixed> (low; bug #717482)

More information about the Secure-testing-commits mailing list