[Secure-testing-commits] r23803 - in data: . CVE

Fri Sep 27 12:13:44 UTC 2013

Author: jmm
Date: 2013-09-27 12:13:44 +0000 (Fri, 27 Sep 2013)
New Revision: 23803

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
vino no-dsa
DSA needed for proftpd
bug filed for librsvg


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2013-09-27 11:41:14 UTC (rev 23802)
+++ data/CVE/list	2013-09-27 12:13:44 UTC (rev 23803)
@@ -403,6 +403,8 @@
 CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
 	RESERVED
 	- vino <unfixed> (low; bug #724545)
+	[wheezy] - vino <no-dsa> (Minor issue)
+	[squeeze] - vino <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
 CVE-2013-5740 (Unspecified vulnerability in the Intel Trusted Execution Technology ...)
 	NOT-FOR-US: Intel Trusted Execution Technology
@@ -10092,8 +10094,7 @@
 	RESERVED
 CVE-2013-1881 [local resource access vulnerability due to XXE]
 	RESERVED
-	- librsvg <unfixed>
-	TODO: check
+	- librsvg <unfixed> (bug #724741)
 CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application]
 	RESERVED
 	- activemq <not-affected> (portfolio demo app not shipped in Debian package)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2013-09-27 11:41:14 UTC (rev 23802)
+++ data/dsa-needed.txt	2013-09-27 12:13:44 UTC (rev 23803)
@@ -76,6 +76,8 @@
 --
 policykit-1
 --
+proftpd-dfsg
+--
 quagga
 --
 qt4-x11/oldstable


