[Secure-testing-commits] r26726 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Apr 28 14:48:58 UTC 2014
Author: jmm
Date: 2014-04-28 14:48:58 +0000 (Mon, 28 Apr 2014)
New Revision: 26726
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
update kernel status for wheezy
dsa-needed: modsecurity
no-dsa: speech-dispatcher
record erlang fix from 7.5 point update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-28 14:45:36 UTC (rev 26725)
+++ data/CVE/list 2014-04-28 14:48:58 UTC (rev 26726)
@@ -620,8 +620,8 @@
- node-marked 0.3.1+dfsg-1
NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in ...)
- - linux <unfixed>
- - linux-2.6 <removed>
+ - linux <unfixed> (low)
+ - linux-2.6 <removed> (low)
NOTE: https://lkml.org/lkml/2014/4/10/736
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
CVE-2014-2830 [cifs-utils: pam module pam_cifscreds stack overflow]
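Review bot: Adding `(low)` to the two linux lines is the only change to CVE-2014-2851, yet the commit is titled "update kernel status for wheezy" and no `[wheezy]` line is added here, so wheezy's status for the ping_init_sock integer overflow still has to be inferred from the `<unfixed>` unstable line. If 3.2 is confirmed affected, record it explicitly (`[wheezy] - linux <unfixed>` or `<no-dsa>` with a reason) so the entry is as self-describing as the other kernel entries in this commit.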
@@ -1202,7 +1202,8 @@
RESERVED
CVE-2013-7348 (Double free vulnerability in the ioctx_alloc function in fs/aio.c in ...)
- linux 3.13.4-1
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (Introduced and fixed in 3.13 series)
+ - linux-2.6 <not-affected> (Introduced and fixed in 3.13 series)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
CVE-2013-7347 (Luci in Red Hat Conga does not properly enforce the user session ...)
NOT-FOR-US: Red Hat Conga
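Review bot: The `(Introduced and fixed in 3.13 series)` reason on both new lines for CVE-2013-7348 is not backed by any NOTE; the only reference in the entry is the fixing commit d558023207e008a4. A second NOTE pointing at the commit that introduced the ioctx_alloc double free (or the 3.13 ChangeLog entry that scopes it) would let a reader verify that wheezy's 3.2 kernel never carried the code, which is the entire basis for `<not-affected>`.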
@@ -3355,6 +3356,8 @@
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- speech-dispatcher <unfixed> (low; bug #745808)
+ [squeeze] - speech-dispatcher <no-dsa> (Minor issue)
+ [wheezy] - speech-dispatcher <no-dsa> (Minor issue)
NOTE: no specific information available (possibly already be fixed in 0.8), the fix in chromium was to disable speechd by default
CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in ...)
{DSA-2905-1}
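Review bot: `<no-dsa> (Minor issue)` is recorded for squeeze and wheezy while the NOTE directly below admits no specific information is available and that chromium's fix was only to disable speechd by default; the reason string should carry that uncertainty (for example `(Minor issue; no details available, chromium disabled speechd by default)`) rather than assert the issue is minor. The NOTE's "possibly already be fixed in 0.8" is also a guess that should be settled against bug #745808, since it bears on whether the unstable `<unfixed>` line above is even correct.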
@@ -3473,7 +3476,7 @@
RESERVED
- erlang 1:16.b.3.1-dfsg-3 (low; bug #738132)
[squeeze] - erlang <no-dsa> (Minor issue)
- [wheezy] - erlang <no-dsa> (Minor issue)
+ [wheezy] - erlang 1:15.b.1-dfsg-4+deb7u1
CVE-2014-1692 (The hash_buffer function in schnorr.c in OpenSSH through 6.4, when ...)
- openssh <not-affected> (J-PAKE not activated)
CVE-2014-1691 (The framework/Util/lib/Horde/Variables.php script in the Util library ...)
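Review bot: Replacing `[wheezy] - erlang <no-dsa> (Minor issue)` with the fixed version 1:15.b.1-dfsg-4+deb7u1 loses the record of how the fix shipped; the log says it came via the 7.5 point update, so a NOTE line stating that (the file already uses NOTE: lines for provenance) would keep it visible. The squeeze line still reads `<no-dsa>`, which is correct if only wheezy received the fix, but worth a glance given bug #738132 is cited on the unstable line.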
@@ -5241,6 +5244,7 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
+ [wheezy] - linux 3.2.54-1
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux ...)
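Review bot: The new `[wheezy] - linux 3.2.54-1` line has neither a `{DSA-...}` reference nor a NOTE saying how the backport reached 3.2.54, whereas the unstable `3.12.6-1` line is justified by the ChangeLog-3.12.4 NOTE. Later in this same patch, CVE-2013-7265 and CVE-2013-7264 pair the identical 3.2.54-1 version with `{DSA-2906-1}`; check whether this entry was covered by the same DSA and add the reference if so, otherwise add a NOTE pointing at the 3.2.y changelog that includes f3d3342602f8.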
@@ -5254,24 +5258,28 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
+ [wheezy] - linux 3.2.54-1
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel ...)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
+ [wheezy] - linux 3.2.54-1
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel ...)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
+ [wheezy] - linux 3.2.54-1
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the ...)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
+ [wheezy] - linux 3.2.54-1
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7262 (SQL injection vulnerability in the msPostGISLayerSetTimeFilter ...)
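Review bot: All four entries in this hunk share the single upstream fix f3d3342602f8 and now the same wheezy version 3.2.54-1, yet each keeps `[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)`. If the 3.2 stable series accepted the backport, that rationale for 2.6.32 may still hold but deserves a re-check, and a NOTE naming the 3.2.y ChangeLog that carries the commit would justify 3.2.54-1 the way the ChangeLog-3.12.4 NOTE justifies 3.12.6-1, rather than repeating the bare version four times without a source.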
@@ -5646,15 +5654,18 @@
CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before ...)
NOT-FOR-US: Juniper Junos
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
- - linux-2.6 <removed> (low)
+ - linux-2.6 <not-affected> (Introduced in 3.10)
- linux 3.12.6-1 (low)
+ [wheezy] - linux <not-affected> (Introduced in 3.10)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel ...)
{DSA-2906-1}
- linux-2.6 <removed> (low)
+ [wheezy] - linux 3.2.54-1
- linux 3.12.6-1 (low)
CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel ...)
{DSA-2906-1}
- linux-2.6 <removed> (low)
+ [wheezy] - linux 3.2.54-1
- linux 3.12.6-1 (low)
CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ...)
{DSA-2906-1}
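Review bot: The `(Introduced in 3.10)` reason for CVE-2013-7281 is given for both linux-2.6 and wheezy without any NOTE behind it; add the commit that introduced dgram_recvmsg in net/ieee802154/dgram.c (or the 3.10 ChangeLog) so the two `<not-affected>` lines can be verified. Ordering is also inconsistent within the hunk: in CVE-2013-7281 the `[wheezy]` line is placed after the unstable `linux 3.12.6-1` line, while in CVE-2013-7265 and CVE-2013-7264 it is placed before it; pick one placement for release-specific lines.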
@@ -7670,6 +7681,7 @@
RESERVED
CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel ...)
- linux <unfixed> (low)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
CVE-2014-0154
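Review bot: The wheezy `<not-affected> (Vulnerable code not present)` line for CVE-2014-0155 repeats the linux-2.6 reason verbatim, which is consistent, but "code not present" is vaguer than the `Introduced in <version>` form used for CVE-2013-7281 and CVE-2013-7348 elsewhere in this commit. If the ioapic_deliver code touched by fix commit 5678de3f is known to postdate 3.2, state the introducing version so a reader can confirm it from that commit rather than take the claim on trust.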
@@ -9688,6 +9700,7 @@
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the ...)
{DSA-2906-1}
- linux-2.6 <removed>
+ [wheezy] - linux 3.2.53-1
- linux 3.11.8-1
NOTE: http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux ...)
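Review bot: The new wheezy version 3.2.53-1 differs from the 3.2.54-1 used for every other `{DSA-2906-1}` entry in this patch; that is plausible if the aacraid fix f856567b landed one stable release earlier, but a NOTE tying 3.2.53 to that commit would make the difference read as deliberate rather than as a typo. Style nit: the NOTE URL on this entry uses http:// where the other git.kernel.org links in the file use https://.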
@@ -9718,7 +9731,8 @@
REJECTED
CVE-2013-6376 (The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM ...)
- linux 3.12.5-1
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (Introduced in 3.7)
+ - linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-6375 (Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does ...)
- xen <unfixed> (bug #730254)
[squeeze] - xen <not-affected> (Only affects >= 4.2)
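Review bot: CVE-2013-6376 has no NOTE line at all, so the `(Introduced in 3.7)` reason now attached to both the wheezy and linux-2.6 `<not-affected>` lines is unsupported within the entry; add the upstream fix commit for recalculate_apic_map and the commit that introduced the code, as the neighbouring kernel entries do for their fixes, so the version claim is checkable.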
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-04-28 14:45:36 UTC (rev 26725)
+++ data/dsa-needed.txt 2014-04-28 14:48:58 UTC (rev 26726)
@@ -24,6 +24,8 @@
jquery/oldstable
Maintainer prepared an update
--
+libapache-mod-security/oldstable
+--
liblivemedia/stable (geissert)
--
libmms (jmm)
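Review bot: `libapache-mod-security/oldstable` is added with no assignee and no comment line, and the data/CVE/list part of this commit touches no modsecurity entry, so nothing in the patch says which issue the DSA is needed for. Add an indented comment line under it (the file already uses this form, e.g. "Maintainer prepared an update" under jquery/oldstable) naming the CVE or bug, otherwise whoever picks the entry up has to rediscover the reason.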
@@ -42,6 +44,8 @@
--
mupdf
--
+modsecurity-apache/stable
+--
moodle/oldstable
--
mysql-5.5/stable
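Review bot: `modsecurity-apache/stable` is added separately from `libapache-mod-security/oldstable` in the earlier hunk; if these are the same source under its oldstable and stable names, a comment line cross-referencing the two (and the same CVE) would prevent two people claiming what is one update. The entry also lands between `mupdf` and `moodle/oldstable`, which is not alphabetical, although the surrounding order (mupdf before moodle) was already off.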