[Secure-testing-commits] r30510 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Dec 3 16:38:56 UTC 2014


Author: jmm
Date: 2014-12-03 16:38:56 +0000 (Wed, 03 Dec 2014)
New Revision: 30510

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
no-dsa: pyrad, rpcbind
one more iceweasel issue n/a
mark libv8-314 as unsupported
fix entries for symfony, this is actually the NFUed Symphony CMS


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-03 16:07:57 UTC (rev 30509)
+++ data/CVE/list	2014-12-03 16:38:56 UTC (rev 30510)
@@ -3966,7 +3966,7 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
 	- chromium-browser <undetermined>
 	[squeeze] - chromium-browser <end-of-life>
 	TODO: CVE description indicates upsteam 38.0.2125.101 fixed this, but there isn't enough information available to check yet
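Review bot: The libv8-3.14 line in this hunk gets "(unimportant)" but not the "NOTE: libv8 not covered by security support" line that the other libv8-3.14 hunks in this revision add beneath it. If the omission is not deliberate, add the same NOTE here so the reason for the tag is recorded in every affected entry.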
@@ -15318,7 +15318,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
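Review bot: The added NOTE says "libv8 not covered by security support", but the line it justifies is the libv8-3.14 one, and the same entry also carries separate libv8 lines (<removed>, <no-dsa>, <end-of-life>). Naming the source package in the NOTE, for example "libv8-3.14 not covered by security support", would remove the ambiguity. The same wording recurs in the later hunks of this revision.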
@@ -15333,7 +15334,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
@@ -15360,7 +15362,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
 	- chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
@@ -15512,7 +15515,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-3151
 	RESERVED
 CVE-2014-3150
@@ -19358,7 +19362,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
 	{DSA-2920-1}
 	- chromium-browser 34.0.1847.132-1
@@ -19366,7 +19371,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2920-1}
 	- chromium-browser 34.0.1847.132-1
@@ -19390,7 +19396,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
 	{DSA-2905-1}
 	- chromium-browser 34.0.1847.116-1
@@ -19398,7 +19405,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2905-1}
 	- chromium-browser 34.0.1847.116-1
@@ -19454,7 +19462,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
 	{DSA-2905-1}
 	- chromium-browser 34.0.1847.116-1
@@ -19462,7 +19471,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -19494,7 +19504,8 @@
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	- libv8 <removed>
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -19502,7 +19513,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2014-1703 (Use-after-free vulnerability in the ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -19815,10 +19827,8 @@
 	[squeeze] - icedove <end-of-life>
 CVE-2014-1589
 	RESERVED
-	- iceweasel <unfixed>
-	- icedove <unfixed>
-	[squeeze] - iceweasel <end-of-life>
-	[squeeze] - icedove <end-of-life>
+	- iceweasel <not-affected> (Only affects Firefox 33)
+	- icedove <not-affected> (Only affects Firefox 33)
 CVE-2014-1588
 	RESERVED
 	- iceweasel <not-affected> (Only affects Firefox 33)
@@ -25401,7 +25411,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -25471,7 +25482,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
 	{DSA-2862-1}
 	- chromium-browser 32.0.1700.123-1
@@ -25479,7 +25491,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-6648
 	RESERVED
 CVE-2013-6647
@@ -35113,7 +35126,8 @@
 	- libv8 <unfixed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-2918 (Use-after-free vulnerability in the ...)
 	{DSA-2785-1}
 	- chromium-browser 30.0.1599.101-1
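Review bot: The first context line of this hunk reads "- libv8 <unfixed>", whereas the matching line in the other entries touched by this revision is "- libv8 <removed>". It is worth checking whether this entry was missed when libv8 was marked removed, and correcting it in the same pass if so.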
@@ -35267,7 +35281,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
 	{DSA-2732-1}
 	- chromium-browser 28.0.1500.95-1
@@ -35439,7 +35454,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
 	{DSA-2695-1}
 	- chromium-browser 27.0.1453.93-1
@@ -35887,7 +35903,8 @@
 	- libv8 <removed>
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
-	- libv8-3.14 <unfixed>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2013-2631
 	RESERVED
 CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager ...)
@@ -43054,6 +43071,7 @@
 CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS]
 	RESERVED
 	- pyrad <unfixed> (low; bug #701151)
+	[jessie] - pyrad <no-dsa> (Minor issue)
 	[wheezy] - pyrad <no-dsa> (Minor issue)
 	[squeeze] - pyrad <no-dsa> (Minor issue)
 	NOTE: this is initially related to #700669
@@ -51524,6 +51542,7 @@
 	- rpcbind <unfixed> (low)
 	[squeeze] - rpcbind <no-dsa> (Minor issue)
 	[wheezy] - rpcbind <no-dsa> (Minor issue)
+	[jessie] - rpcbind <no-dsa> (Minor issue)
 	- nfs-utils 1:1.2.5-1 (bug #457095)
 	NOTE: Upstream git repository of rpcbind: http://git.infradead.org/users/steved/rpcbind.git
 	NOTE: Based on discussion with upstream there's likely no security hole
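Review bot: The added "[jessie] - rpcbind <no-dsa> (Minor issue)" is a third per-release tag on an entry whose own NOTE says "Based on discussion with upstream there's likely no security hole". If that conclusion holds, recording it once on the "- rpcbind <unfixed> (low)" line may be cleaner than adding a no-dsa line for each new release.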
@@ -62546,9 +62565,9 @@
 CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-4341 (Multiple SQL injection vulnerabilities in ...)
-	- symfony <removed>
+	NOT-FOR-US: Symphony CMS
 CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
-	- symfony <removed>
+	NOT-FOR-US: Symphony CMS
 CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ...)
 	{DSA-2376-2 DSA-2376-1}
 	- ipmitool 1.8.11-5 (bug #651917)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-12-03 16:07:57 UTC (rev 30509)
+++ data/dsa-needed.txt	2014-12-03 16:38:56 UTC (rev 30510)
@@ -22,9 +22,9 @@
 --
 getmail4 (iuculano)
 --
-icedove
+icedove (jmm)
 --
-iceweasel
+iceweasel (jmm)
 --
 libav
 --
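Review bot: The change to this file is not covered by the log message: icedove and iceweasel are claimed with "(jmm)" here, while the log only describes the data/CVE/list edits. A short extra log line naming the claimed packages would make the revision easier to find later.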



