[Secure-testing-commits] r26750 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Apr 30 07:05:05 UTC 2014


Author: jmm
Date: 2014-04-30 07:05:05 +0000 (Wed, 30 Apr 2014)
New Revision: 26750

Modified:
   data/CVE/list
Log:
NFUs
virtualenvwrapper no-dsa
neutron n/a in stable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-30 05:57:21 UTC (rev 26749)
+++ data/CVE/list	2014-04-30 07:05:05 UTC (rev 26750)
@@ -1,3 +1,5 @@
+CVE-2013-7374 
+	NOT-FOR-US: indicator-datetime
 CVE-2014-XXXX [handle BrowseAllow directive securely]
 	- cups-filters 1.0.53-1
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
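Review bot: the added header line for CVE-2013-7374 ends in a trailing space, unlike the other ID-only headers visible in this diff (for example CVE-2014-2907 and CVE-2014-2734). Drop the space so the list stays uniform for anything that parses it. The entry also carries no description or NOTE, so a pointer to the source that ties the ID to indicator-datetime would help the next person triaging it.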
@@ -198,8 +200,9 @@
 CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
 	NOT-FOR-US: F-Secure
 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
-	- virtualenvwrapper <unfixed> (bug #745580)
-	TODO: verify
+	- virtualenvwrapper <unfixed> (low; bug #745580)
+	[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
+	[squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
 CVE-2014-2907
 	RESERVED
 	- wireshark 1.10.7-1 (bug #745595)
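Review bot: in the virtualenvwrapper entry, "TODO: verify" is removed but nothing records what was verified. The new "(Minor issue)" reason on the [wheezy] and [squeeze] lines does not say why insecure default permissions on ~/.virtualenvs and its scripts rate as low. A one-line NOTE stating the reasoning, next to the existing reference to bug #745580, would let a later reader confirm the low and no-dsa ratings from the entry itself.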
@@ -315,7 +318,6 @@
 	{DSA-2916-1}
 	- libmms 0.6.2-4 (bug #745301)
 	- xine-lib <not-affected> (mmsh is libmms-specific)
-	TODO: confirm xine-lib assertion
 	NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
 CVE-2014-2893 [scan-build: insecure use of /tmp]
 	RESERVED
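Review bot: the removal of "TODO: confirm xine-lib assertion" is not mentioned in the commit log, which lists only the NFUs, virtualenvwrapper and neutron. The entry also gains nothing that shows how the not-affected claim was confirmed. The existing reason "(mmsh is libmms-specific)" is the assertion the TODO asked to check, so either add a NOTE naming what was checked in xine-lib or mention the confirmation in the log.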
@@ -545,17 +547,17 @@
 	RESERVED
 	NOT-FOR-US: MODX Revolution
 CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
-	TODO: check
+	NOT-FOR-US: WinSCP
 CVE-2014-2734
 	RESERVED
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
 	NOTE: https://gist.github.com/gdisneyleugers/10446549
 CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: Siemens SINEMA
 CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated web ...)
-	TODO: check
+	NOT-FOR-US: Siemens SINEMA
 CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in ...)
-	TODO: check
+	NOT-FOR-US: Siemens SINEMA
 CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the ...)
 	NOT-FOR-US: SAP
 CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified ...)
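Review bot: for CVE-2014-2732 and CVE-2014-2731 the description text visible in the list is truncated before any product name ("... in the integrated web ...", "... integrated web server in ..."), so the Siemens SINEMA attribution on those two lines cannot be checked from the entry alone. It is worth confirming it against the full CVE text. The tag is also written "Siemens SINEMA" while the CVE-2014-2733 description names "Siemens SINEMA Server". Using the full product name would keep the NOT-FOR-US tags consistent with the descriptions.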
@@ -7667,6 +7669,7 @@
 CVE-2014-0187 [Neutron security groups bypass through invalid CIDR]
 	RESERVED
 	- neutron <unfixed>
+	[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
 CVE-2014-0186
 	RESERVED
 CVE-2014-0185
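Review bot: the new [wheezy] line for neutron gives the affected upstream ranges (2013.1 to 2013.2.3, and 2014.1) but not the version wheezy actually ships, so the not-affected status cannot be confirmed from the entry itself. Adding the wheezy version to the reason, or a NOTE with it, would close that gap. The unstable line is still unfixed with no bug number, which the neighbouring nova entry does carry.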
@@ -7714,6 +7717,7 @@
 	NOT-FOR-US: JBoss EAP
 CVE-2014-0168
 	RESERVED
+	NOT-FOR-US: Jolokia
 CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute ...)
 	- nova 2013.2.3-1 (bug #744051)
 	[wheezy] - nova <not-affected> (Only affects 2013.1 to 2013.2.3)
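Review bot: CVE-2014-0168 is still RESERVED with no description, so the added "NOT-FOR-US: Jolokia" line has nothing on the entry to back the product attribution. Add a NOTE with the advisory or bug reference the attribution came from, as other RESERVED entries in this diff do (for example CVE-2014-2734).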



