[Secure-testing-commits] r26539 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Apr 14 15:02:17 UTC 2014
Author: jmm
Date: 2014-04-14 15:02:17 +0000 (Mon, 14 Apr 2014)
New Revision: 26539
Modified:
data/CVE/list
Log:
glance N/A in stable
new horde3 issue
add lua-expat entry to prosody DSA
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-14 13:30:30 UTC (rev 26538)
+++ data/CVE/list 2014-04-14 15:02:17 UTC (rev 26539)
@@ -27,12 +27,13 @@
CVE-2014-2744
{DSA-2895-1}
- prosody 0.9.4-1
+ - lua-expat 1.3.0-1
+ [wheezy] - lua-expat 1.2.0-5+deb7u1
NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb
- TODO: check, additional software
CVE-2014-2743
- TODO: check
+ NOT-FOR-US: Openfire
CVE-2014-2742
- TODO: check
+ NOT-FOR-US: Openfire
CVE-2014-2741
NOT-FOR-US: Openfire
CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
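Review bot: The two added lua-expat lines under CVE-2014-2744 record fixed versions (1.3.0-1 and 1.2.0-5+deb7u1), but the only NOTE left on the entry points at the prosody repository (hg.prosody.im), so nothing here says where the lua-expat fix comes from. Since this hunk also drops "TODO: check, additional software", consider adding a NOTE that references the lua-expat change so the versions can be verified later.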
@@ -49,7 +50,7 @@
CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the ...)
NOT-FOR-US: PrestaShop
CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
- TODO: check
+ - horde3 <removed>
CVE-2014-1985 [Open redirector]
RESERVED
- redmine <unfixed> (bug #743828)
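Review bot: The added "- horde3 <removed>" line for CVE-2012-6640 has no NOTE explaining the mapping, while the truncated description names Horde Internet Mail specifically. A short NOTE stating which component is affected, and whether any other source package ships it, would make this triage decision checkable instead of only replacing the TODO.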
@@ -4600,7 +4601,7 @@
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object ...)
- TODO: check
+ NOT-FOR-US: OPC Automation 2.0 Server
CVE-2014-0788
RESERVED
CVE-2014-0787
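Review bot: The NOT-FOR-US string added for CVE-2014-0789, "OPC Automation 2.0 Server", embeds a version number, whereas the other NFU entries visible in this diff (Openfire, PrestaShop, Crowbar) name only the product. Keeping the product name without the version would keep NFU strings consistent and easier to match against later CVEs for the same software.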
@@ -5037,7 +5038,7 @@
CVE-2014-0593
RESERVED
CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
- TODO: check
+ NOT-FOR-US: Crowbar
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
- bind9 1:9.9.5.dfsg-2 (bug #735190)
[wheezy] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
@@ -6909,7 +6910,7 @@
CVE-2014-0162 [Remote code execution in Glance Sheepdog backend]
RESERVED
- glance <unfixed>
- TODO: check
+ [wheezy] - glance <not-affected> (Only affects2013.2 to 2013.2.3)
CVE-2014-0161
RESERVED
CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before ...)
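Review bot: The added wheezy line for CVE-2014-0162 reads "(Only affects2013.2 to 2013.2.3)", which is missing a space after "affects", and the version range is given without a NOTE pointing at its source. Fix the spacing and add a reference for the affected range; the "- glance <unfixed>" line above it also has no bug number, unlike the redmine and bind9 entries elsewhere in this diff.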