[Secure-testing-commits] r26496 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 10 14:57:06 UTC 2014 

Author: jmm
Date: 2014-04-10 14:57:06 +0000 (Thu, 10 Apr 2014)
New Revision: 26496

Modified:
   data/CVE/list
Log:
new kernel issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-10 06:21:13 UTC (rev 26495)
+++ data/CVE/list	2014-04-10 14:57:06 UTC (rev 26496)
@@ -23,7 +23,10 @@
 CVE-2014-2741
 	NOT-FOR-US: Openfire
 CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office
+CVE-2014-2739 [IB/core: crash while resolving passive side RoCE L2 address in cma req handler]
+	- linux <unfixed> (low)
+	- linux-2.6 <removed> (low)
 CVE-2014-2729
 	RESERVED
 CVE-2014-2728
@@ -1418,11 +1421,11 @@
 CVE-2014-2146
 	RESERVED
 CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2142
 	RESERVED
 CVE-2014-2141
@@ -1474,13 +1477,13 @@
 CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Cisco PRSM
 CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
@@ -2019,7 +2022,6 @@
 	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
 	[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
 	NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
-	TODO: still double check squeeze
 	NOTE: http://secunia.com/advisories/56844/
 	NOTE: http://trac.imagemagick.org/changeset/14801
 CVE-2014-XXXX [phpbb3: denial of service vulnerability]
@@ -4432,7 +4434,7 @@
 CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim ...)
-	TODO: check
+	NOT-FOR-US: IBM InfoSphere
 CVE-2014-0826
 	RESERVED
 CVE-2014-0825

More information about the Secure-testing-commits mailing list