[Secure-testing-commits] r26581 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Apr 16 09:14:11 UTC 2014
Author: joeyh
Date: 2014-04-16 09:14:11 +0000 (Wed, 16 Apr 2014)
New Revision: 26581
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-16 08:30:29 UTC (rev 26580)
+++ data/CVE/list 2014-04-16 09:14:11 UTC (rev 26581)
@@ -971,6 +971,7 @@
[wheezy] - readline6 <no-dsa> (Minor issue)
[squeeze] - readline6 <no-dsa> (Minor issue)
CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through ...)
+ {DSA-2906-1}
- linux 3.13.10-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
@@ -1414,6 +1415,7 @@
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
NOT-FOR-US: Atlassian JIRA
CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel ...)
+ {DSA-2906-1}
- linux 3.13-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
@@ -2350,6 +2352,7 @@
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the ...)
+ {DSA-2906-1}
- linux 3.13.5-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
@@ -2715,6 +2718,7 @@
[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
CVE-2014-1874 (The security_context_to_sid_core function in ...)
+ {DSA-2906-1}
- linux 3.13.4-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2
@@ -3008,51 +3012,65 @@
CVE-2014-1730
RESERVED
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1727 (Use-after-free vulnerability in ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1726 (The drag implementation in Google Chrome before 34.0.1847.116 allows ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1725 (The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1724 (Use-after-free vulnerability in Free(b)soft Laboratory Speech ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- speech-dispatcher <unfixed> (low)
NOTE: no specific information available (possibly already be fixed in 0.8), the fix in chromium was to disable speechd by default
CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1722 (Use-after-free vulnerability in the ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1721 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1720 (Use-after-free vulnerability in the HTMLBodyElement::insertedInto ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1719 (Use-after-free vulnerability in the ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1718 (Integer overflow in the SoftwareFrameManager::SwapToNewFrame function ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1717 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
+ {DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
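Review bot: In the CVE-2014-1729 and CVE-2014-1717 entries the new {DSA-2905-1} tag sits above "- libv8-3.14 <unfixed>", and in CVE-2014-1724 above "- speech-dispatcher <unfixed> (low)", so the advisory reference reflects only the chromium-browser fix. A NOTE on those three entries saying the DSA covers chromium-browser only would keep the tag from being read as closing the CVE for the other source packages.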
@@ -3938,16 +3956,19 @@
- drupal6 <removed>
- drupal7 7.26-1
CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux ...)
+ {DSA-2906-1}
- linux 3.12.8-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.54-1
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
CVE-2014-1445 (The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux ...)
+ {DSA-2906-1}
- linux 3.12.6-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.53-1
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1
CVE-2014-1444 (The fst_get_iface function in drivers/net/wan/farsync.c in the Linux ...)
+ {DSA-2906-1}
- linux 3.12.6-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.53-1
@@ -5308,12 +5329,15 @@
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
CVE-2013-7251 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
@@ -7495,6 +7519,7 @@
NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2
CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the ...)
+ {DSA-2906-1}
- linux 3.13.6-1
- linux-2.6 <removed>
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e
@@ -9336,19 +9361,23 @@
CVE-2013-6384 ((1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 ...)
- ceilometer 2013.2-4 (bug #730227)
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the ...)
+ {DSA-2906-1}
- linux-2.6 <removed>
- linux 3.11.8-1
NOTE: http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.11.10-1 (low)
[wheezy] - linux 3.2.53-1
CVE-2013-6381 (Buffer overflow in the qeth_snmp_command function in ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.11.10-1 (low)
[wheezy] - linux 3.2.53-1
NOTE: http://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in ...)
+ {DSA-2906-1}
- linux-2.6 <removed>
- linux 3.11.10-1
[wheezy] - linux 3.2.53-1
@@ -9392,6 +9421,7 @@
- linux-2.6 <removed>
[wheezy] - linux 3.2.54-1
CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM ...)
+ {DSA-2906-1}
- linux 3.12.5-1
- linux-2.6 <removed>
[wheezy] - linux 3.2.54-1
@@ -13600,12 +13630,14 @@
[squeeze] - graphicsmagick <no-dsa> (Minor issue)
[wheezy] - graphicsmagick <no-dsa> (Minor issue)
CVE-2013-4588 (Multiple stack-based buffer overflows in ...)
+ {DSA-2906-1}
- linux <not-affected> (fixed in 2.6.33)
- linux-2.6 2.6.37-1
NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
NOTE: https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in ...)
+ {DSA-2906-1}
- linux 3.12.5-1
- linux-2.6 <removed>
[wheezy] - linux 3.2.54-1
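Review bot: For CVE-2013-4588 the tag is added to an entry whose package lines are "- linux <not-affected> (fixed in 2.6.33)" and "- linux-2.6 2.6.37-1", with no release-specific line, so the entry does not show which linux-2.6 branch the advisory applies to. Consider adding a release-tagged line or a NOTE for the branch DSA-2906-1 fixes, in the style of the "[wheezy] - linux 3.2.54-1" line in the CVE-2013-4587 entry below it.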
@@ -13907,11 +13939,13 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4512 (Buffer overflow in the exitcode_proc_write function in ...)
+ {DSA-2906-1}
- linux 3.11.8-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.53-1
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the ...)
+ {DSA-2906-1}
- linux 3.11.8-1
- linux-2.6 <removed>
[wheezy] - linux 3.2.53-1
@@ -14504,6 +14538,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
+ {DSA-2906-1}
- linux-2.6 <removed>
- linux 3.11.5-1
[wheezy] - linux 3.2.53-1
@@ -14656,6 +14691,7 @@
[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the ...)
+ {DSA-2906-1}
- linux-2.6 <unfixed>
- linux 3.11.6-2
[wheezy] - linux 3.2.53-1
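Review bot: CVE-2013-4299 still carries "- linux-2.6 <unfixed>" directly under the new {DSA-2906-1} tag, while the other kernel entries tagged in this revision list linux-2.6 as "<removed>" or with a fixed version. Please check whether "<unfixed>" is stale and update it in the same change if so; otherwise the entry reports an advisory and an open linux-2.6 issue at once.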
@@ -15115,7 +15151,7 @@
- linux 3.10.5-1
- linux-2.6 <not-affected> (Introduced in 3.5)
CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 ...)
- {DSA-2745-1}
+ {DSA-2906-1 DSA-2745-1}
- linux 3.10.5-1 (low)
- linux-2.6 <removed> (low)
CVE-2013-4161
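Review bot: On CVE-2013-4162 the existing "{DSA-2745-1}" tag is rewritten to "{DSA-2906-1 DSA-2745-1}", which places the newer advisory first. If the tag list is meant to be ordered, confirm that newest-first is what the generator intends. The entry also has only "- linux 3.10.5-1 (low)" and "- linux-2.6 <removed> (low)" beneath the tag, so a NOTE saying which advisory applies to which package would help readers of this entry.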
@@ -17965,6 +18001,7 @@
- linux 3.11.8-1
NOTE: Introduced by ced39002f5ea
CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...)
+ {DSA-2906-1}
- linux-2.6 <removed>
- linux 3.11.10-1
[wheezy] - linux 3.2.53-2
@@ -18111,6 +18148,7 @@
[wheezy] - linux <not-affected> (driver introduced in 3.6)
- linux-2.6 <not-affected> (driver introduced in 3.6)
CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...)
+ {DSA-2906-1}
- linux 3.11.5-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.53-1
@@ -18127,6 +18165,7 @@
- linux <not-affected> (buzz driver introduced in 3.11 cycle, only in experimental)
- linux-2.6 <not-affected> (buzz driver introduced in 3.11 cycle)
CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem ...)
+ {DSA-2906-1}
- linux 3.11.5-1 (low)
- linux-2.6 <removed> (low)
[wheezy] - linux 3.2.53-1
@@ -20194,6 +20233,7 @@
[squeeze] - linux-2.6 <not-affected> (fanotify introduced in 2.6.36)
- linux 3.9.8-1 (low)
CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 ...)
+ {DSA-2906-1}
- linux-2.6 <removed> (low)
- linux 3.11.5-1 (low)
[wheezy] - linux 3.2.53-1
@@ -25862,6 +25902,7 @@
CVE-2013-0344
RESERVED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
+ {DSA-2906-1}
- linux 3.10.11-1 (low)
[wheezy] - linux 3.2.51-1
- linux-2.6 <removed> (low)