[Secure-testing-commits] r30479 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Dec 1 18:54:03 UTC 2014
Author: jmm
Date: 2014-12-01 18:54:03 +0000 (Mon, 01 Dec 2014)
New Revision: 30479
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
add c-icap to dsa-needed
updates on squeeze kernel
xen n/a
libnet-server-perl, accountsservice no-dsa
one more chromium issue fixed
miniupnpc n/a in stable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-01 18:26:37 UTC (rev 30478)
+++ data/CVE/list 2014-12-01 18:54:03 UTC (rev 30479)
@@ -3086,7 +3086,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...)
- linux <unfixed>
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089
RESERVED
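Review bot: on the linux-2.6 line, "Vulnerable code not present" cannot be checked from the entry alone. The description names ext4_file_write_iter in fs/ext4/file.c, so a NOTE recording which upstream version introduced that function would make the not-affected status verifiable, the same way the CVE-2014-0205 entry carries an "Introduced in ..." note.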
@@ -9474,6 +9474,7 @@
CVE-2012-6655 [passes (encrypted) passwords as commandline arguments]
RESERVED
- accountsservice <unfixed> (low; bug #757912)
+ [jessie] - accountsservice <no-dsa> (Minor issue)
[wheezy] - accountsservice <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x ...)
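Review bot: the new [jessie] line reuses the bare "Minor issue" reason from wheezy without saying why it is minor. The bracketed description already states that the passwords on the command line are encrypted, so the reason could say that explicitly. With the unsuffixed line still at <unfixed> (bug #757912), it would also help to note whether a fix is expected through unstable.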
@@ -10490,9 +10491,8 @@
NOT-FOR-US: Conrad Hotel (aka com.wConradHotel) application for Android
CVE-2014-4883 [embedded lwIP's DNS resolver does not randomize ID fields or source ports of DNS query packets]
RESERVED
- - xen <unfixed>
+ - xen <not-affected> (LWIP DNS code not present in Xen Debian packages)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169008
- TODO: check
CVE-2014-4882
RESERVED
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
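Review bot: the reason on the xen line, "LWIP DNS code not present in Xen Debian packages", does not say whether the embedded lwIP copy is absent from the source package or only left out of the built binaries. Since the description is about an embedded copy, stating which of the two was checked would keep the entry useful if the packaging changes later. Dropping "TODO: check" along with the status change is right.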
@@ -15518,7 +15518,7 @@
NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)
CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows ...)
- miniupnpc 1.6-4 (low; bug #748913)
- [wheezy] - miniupnpc <no-dsa> (Minor issue)
+ [wheezy] - miniupnpc <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
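Review bot: the [wheezy] line moves from a triage decision (<no-dsa>) to a factual claim (<not-affected>) with only "Vulnerable code not present" as support. The entry links the fixing commit but nothing about when the affected code in getHTTPResponse was introduced; a NOTE with that commit or version would document the basis for the change.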
@@ -23666,6 +23666,7 @@
CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel before ...)
- linux 2.6.37
- linux-2.6 2.6.37-1
+ [squeeze] - linux-2.6 2.6.32-28
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37)
NOTE: https://lkml.org/lkml/2010/9/16/99
NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE Bugzilla
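Review bot: the added [squeeze] line gives 2.6.32-28 as the fixed version while the NOTE lines say the fix landed upstream in v2.6.37 and the bug was introduced around 2.6.31. That implies a backport in the squeeze package, so a short NOTE saying so (ideally pointing at the upload or changelog entry) would stop the version from reading as a mistake.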
@@ -37976,6 +37977,7 @@
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
- libnet-server-perl <unfixed> (low; bug #702914)
+ [jessie] - libnet-server-perl <no-dsa> (Minor issue)
[wheezy] - libnet-server-perl <no-dsa> (Minor issue)
[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
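Review bot: the [jessie] line copies "Minor issue" from the wheezy and squeeze lines without a rationale. The description limits the problem to configurations where the reverse-lookups option is enabled; if that is the reason for no-dsa, putting it in the parentheses would make the decision reviewable for all three suites.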
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-12-01 18:26:37 UTC (rev 30478)
+++ data/dsa-needed.txt 2014-12-01 18:54:03 UTC (rev 30479)
@@ -16,6 +16,8 @@
--
binutils (luciano)
--
+c-icap
+--
chromium-browser
--
getmail4 (iuculano)
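Review bot: c-icap is added with no NOTE and no assignee, and none of the data/CVE/list hunks in this commit touch a c-icap entry, so the reader cannot tell which issues prompted the DSA. A NOTE line under c-icap listing the CVE ids (the tcpdump entry further down shows the format) would close that gap.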
@@ -49,6 +51,7 @@
--
tcpdump (carnil)
NOTE: maintainer prepared already debdiffs, need review and ack
+--
tomcat6
--
tomcat7
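Review bot: the "--" added between the tcpdump NOTE and tomcat6 is a separator fix unrelated to the items in the log message. It is correct, since every other entry is delimited that way, but it deserves a mention in the log so the change is not mistaken for a new entry when reading the history.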