[Secure-testing-commits] r23714 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Sep 18 14:57:35 UTC 2013
Author: jmm
Date: 2013-09-18 14:57:34 +0000 (Wed, 18 Sep 2013)
New Revision: 23714
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
python/ssl, python-oauth no-dsa
ffmpeg triage
remove wireshark entry which was not deemed CVE-worthy
DSA needed for icedtea-web
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-18 14:32:40 UTC (rev 23713)
+++ data/CVE/list 2013-09-18 14:57:34 UTC (rev 23714)
@@ -26,7 +26,7 @@
RESERVED
CVE-2013-XXXX [poppler / JPEG error handler]
- poppler 0.16.3-1 (bug #722705)
-CVE-2013-XXXX [Unsecure use of system]
+CVE-2013-XXXX [Insecure use of system]
- davfs2 <unfixed> (bug #723034)
NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
@@ -85,8 +85,6 @@
RESERVED
CVE-2013-5711 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Design-approval-system Plugin for WordPress
-CVE-2013-XXXX [https://www.wireshark.org/security/wnpa-sec-2013-60.html ]
- - wireshark 1.10.2-1
CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x ...)
{DSA-2756-1}
- wireshark 1.10.2-1
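Review bot: The removed wnpa-sec-2013-60 placeholder leaves no trace in data/CVE/list, and the only rationale is the log line "remove wireshark entry which was not deemed CVE-worthy". The log should say who made that call (upstream, the CVE assigner, or the team) so that anyone who later sees the advisory and wants to re-add it can check the earlier decision.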
@@ -3129,12 +3127,14 @@
RESERVED
CVE-2013-4347 [Uses poor PRNG]
RESERVED
- - python-oauth2 <unfixed> (bug #722657)
+ - python-oauth2 <unfixed> (low; bug #722657)
+ [wheezy] - python-oauth2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
NOTE: https://github.com/simplegeo/python-oauth2/issues/9
CVE-2013-4346 [_check_signature() ignores the nonce value when validating signed urls]
RESERVED
- - python-oauth2 <unfixed> (bug #722656)
+ - python-oauth2 <unfixed> (low; bug #722656)
+ [wheezy] - python-oauth2 <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345
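Review bot: Both added "[wheezy] - python-oauth2 <no-dsa> (Minor issue)" lines give no reason for the rating, although the entries describe a poor PRNG (CVE-2013-4347) and a nonce that _check_signature() ignores (CVE-2013-4346). A short NOTE under each entry saying why this is minor for wheezy would let later triage verify the decision, particularly while both entries remain <unfixed>.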
@@ -3472,12 +3472,18 @@
NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 ...)
- - python2.5 <removed>
- - python2.6 <removed>
- - python2.7 2.7.5-8 (bug #719566)
- - python3.1 <removed>
- - python3.2 <removed> (bug #719568)
- - python3.3 3.3.2-6 (bug #719567)
+ - python2.5 <removed> (low)
+ [squeeze] - python2.5 <no-dsa> (Minor issue)
+ - python2.6 <removed> (low)
+ [squeeze] - python2.6 <no-dsa> (Minor issue)
+ [wheezy] - python2.6 <no-dsa> (Minor issue)
+ - python2.7 2.7.5-8 (low; bug #719566)
+ [wheezy] - python2.7 <no-dsa> (Minor issue)
+ - python3.1 <removed> (low)
+ [squeeze] - python3.1 <no-dsa> (Minor issue)
+ - python3.2 <removed> (low; bug #719568)
+ [wheezy] - python3.2 <no-dsa> (Minor issue)
+ - python3.3 3.3.2-6 (low; bug #719567)
NOTE: http://bugs.python.org/issue18709
NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 [Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters]
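Review bot: The release-specific lines in the CVE-2013-4238 block are uneven. python2.6 gets both [squeeze] and [wheezy] no-dsa lines, python2.7 gets only [wheezy], and the last added line, "- python3.3 3.3.2-6 (low; bug #719567)", gets none. If that reflects which suites ship each source package, it is fine, but it is worth confirming that no shipped version was left without a no-dsa line. The six identical "(Minor issue)" reasons could also be backed by one NOTE explaining the low rating.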
@@ -12583,7 +12589,9 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed> (bug #717009)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
+ NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
+ NOTE: Needed in ffmpeg 0.5
CVE-2013-0854 [libavcodec/mjpegdec.c]
RESERVED
- ffmpeg <removed>
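Review bot: The added "NOTE: Needed in ffmpeg 0.5" is ambiguous, since the package line above it still reads "- ffmpeg <removed>" and the note names no suite. It should say which release carries ffmpeg 0.5 and that the fix has to be backported there, or be expressed as a release-tagged package line. The libav line also stays <unfixed> even though a libav fix commit is now referenced, so add the fixed version once an upload contains it.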
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2013-09-18 14:32:40 UTC (rev 23713)
+++ data/dsa-needed.txt 2013-09-18 14:57:34 UTC (rev 23714)
@@ -27,6 +27,8 @@
--
gnutls26/oldstable
--
+icedtea-web
+--
icedove (jmm)
--
iceape (jmm)
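Review bot: The new icedtea-web entry names neither a suite nor a claimant, while its neighbours carry one or the other ("gnutls26/oldstable", "icedove (jmm)"). If only one suite needs the DSA, add the suffix. The matching CVE ids are also not touched in the data/CVE/list part of this commit, so a short pointer in the log to the issue behind "DSA needed for icedtea-web" would help whoever picks it up.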