[Secure-testing-commits] r26667 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Apr 22 18:04:54 UTC 2014


Author: jmm
Date: 2014-04-22 18:04:54 +0000 (Tue, 22 Apr 2014)
New Revision: 26667

Modified:
   data/CVE/list
Log:
cleanup some TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-22 17:15:36 UTC (rev 26666)
+++ data/CVE/list	2014-04-22 18:04:54 UTC (rev 26667)
@@ -7761,7 +7761,6 @@
 CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...)
 	- linux 3.13.10-1
 	- linux-2.6 <not-affected> (Vulnerable code not present)
-	TODO: check
 	NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
 	NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
 CVE-2014-0054
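Review bot: The `TODO: check` under CVE-2014-0055 is dropped without recording what the check concluded, and the NOTE that remains (`qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600`) is hard to parse. Consider rewording that NOTE so it states plainly whether the root:root 0600 permissions are the mitigating factor and which releases that applies to.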
@@ -7901,7 +7900,6 @@
 	- vnc4 <unfixed> (unimportant)
 	NOTE: may affect related *VNC implementations if built with NDEBUG
 	NOTE: e.g. vnc4 seems to have similar code in common/rfb/zrleDecode.h
-	TODO: check
 CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	- moodle 2.5.4-1
 	[squeeze] - moodle <not-affected> (Code correctly checks session key)
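Review bot: With `TODO: check` removed from the vnc4 entry, its two NOTE lines still read as unverified (`may affect`, `seems to have similar code`) while the package is tagged `<unfixed> (unimportant)`. If the check was done, update the NOTEs to say what was found in common/rfb/zrleDecode.h; if it was not, the TODO should stay.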
@@ -11038,7 +11036,6 @@
 	NOTE: http://martin.swende.se/blog/HTTPChunked.html
 CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
 	- apache2 <unfixed>
-	TODO: check
 CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
 	NOT-FOR-US: DrayTek Vigor 2700 router
 CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...)
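Review bot: After this removal the CVE-2013-5704 entry consists only of `- apache2 <unfixed>`, with no NOTE pointing at an upstream report or fix and no severity tag. Add a NOTE with the reference that was used to close the TODO, so the next reader does not have to repeat the check.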
@@ -12327,8 +12324,7 @@
 CVE-2013-5186 (Power Management in Apple Mac OS X before 10.9 does not properly ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2013-5185 (The ldapsearch command-line program in OpenLDAP in Apple Mac OS X ...)
-	TODO: ask on oss-sec, Apple people are on the list
-	NOTE: does anyone have more information on this? I don't find anything from openldap upstream related to this.
+	NOT-FOR-US: Apple Mac OS X
 CVE-2013-5184 (The kernel in Apple Mac OS X before 10.9 does not properly check for ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2013-5183 (Mail in Apple Mac OS X before 10.9, when Kerberos authentication is ...)
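Review bot: For CVE-2013-5185 the description names the ldapsearch program in OpenLDAP, so `NOT-FOR-US: Apple Mac OS X` hides why a component that Debian also ships is considered out of scope, and the removed NOTE (`I don't find anything from openldap upstream related to this`) was the only record of that reasoning. Consider keeping a short NOTE with that finding, or recording the decision in the `<not-affected> (reason)` form used for linux-2.6 earlier in this file.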



