[Secure-testing-commits] r26421 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Apr 2 15:53:39 UTC 2014


Author: carnil
Date: 2014-04-02 15:53:39 +0000 (Wed, 02 Apr 2014)
New Revision: 26421

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
The changes for CVE-2014-1626 will likely be too intrusive to backport

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-02 13:59:30 UTC (rev 26420)
+++ data/CVE/list	2014-04-02 15:53:39 UTC (rev 26421)
@@ -3218,7 +3218,11 @@
 	[wheezy] - localepurge 0.6.3+deb7u1
 CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
 	- libmarc-xml-perl 1.0.2-1 (bug #736275)
+	[wheezy] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
+	[squeeze] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
 	NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
+	NOTE: older versions do not have the ability to set a user custom parser, trying to fix CVE-2014-1626 not clear yet
+	NOTE: upstream developer contacted and is looking into it; backport fix might be to intrusive due to change in used Module
 CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function in ...)
 	- pyxdg 0.25-4 (low; bug #736247)
 	[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
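Review bot: The two NOTE lines added under CVE-2014-1626 still describe an open investigation ("trying to fix CVE-2014-1626 not clear yet", "upstream developer contacted and is looking into it"), while the [wheezy] and [squeeze] lines added just above them record a settled <no-dsa> decision. Consider rewording the notes to state the outcome: older versions lack the ability to set a user custom parser, and the upstream fix changes the module used. That way a reader of data/CVE/list does not have to guess whether a backport is still being pursued. In the second added NOTE, "might be to intrusive" should read "too intrusive".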

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-04-02 13:59:30 UTC (rev 26420)
+++ data/dsa-needed.txt	2014-04-02 15:53:39 UTC (rev 26421)
@@ -33,10 +33,6 @@
 --
 liblivemedia/stable (geissert)
 --
-libmarc-xml-perl (carnil)
-  NOTE: older versions do not have the ability to set a user custom parser, trying to fix CVE-2014-1626 not clear yet
-  NOTE: upstream developer contacted and is looking into it; backport fix might be to intrusive due to change in used Module
---
 libplrpc-perl
 --
 libv8
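Review bot: Removing the libmarc-xml-perl entry drops its owner tag "(carnil)" from dsa-needed.txt, although the log message only says the changes "will likely be" too intrusive, so the assessment reads as tentative. If the upstream reply could still change the decision, it would help to say in the data/CVE/list notes that the <no-dsa> tagging should be revisited once upstream answers, since nothing in this file will track it any more. The removal itself is clean: the four deleted lines include one "--" separator, so the remaining entries stay correctly delimited.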



