[Secure-testing-commits] r30665 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 11 07:48:38 UTC 2014
Author: carnil
Date: 2014-12-11 07:48:38 +0000 (Thu, 11 Dec 2014)
New Revision: 30665
Modified:
data/CVE/list
Log:
Add cross-reference to bugreport
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-11 07:41:19 UTC (rev 30664)
+++ data/CVE/list 2014-12-11 07:48:38 UTC (rev 30665)
@@ -14345,7 +14345,7 @@
CVE-2014-3630
RESERVED
CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
CVE-2014-3628
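Review bot: the log message "Add cross-reference to bugreport" names neither the package nor the bug, so the line changed here under CVE-2014-3629 cannot be traced back to this revision by searching the history for the bug number. Suggest a message along the lines of "qpid-cpp: add bug #772794".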
@@ -24462,7 +24462,7 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
CVE-2014-0212 [on-demand ACL policy loading enables a denial of service by consuming all available file descriptors]
RESERVED
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: Upstream issue: https://issues.apache.org/jira/browse/QPID-4938
NOTE: Commit which does no longer build acl support only as plugin: https://svn.apache.org/viewvc?view=revision&revision=r1494697
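Review bot: in the CVE-2014-0212 entry the package line stays "<unfixed>" while the last NOTE of the entry already names an upstream commit (r1494697), so it is worth checking whether the qpid-cpp version in unstable contains that revision before tying this CVE to bug #772794. If it does, the line should carry the fixed version instead of "<unfixed>" plus a bug reference; if it does not, a NOTE saying the revision is not yet packaged would explain why the entry remains open.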
@@ -49590,13 +49590,13 @@
- linux-2.6 <removed>
- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
- keystone 2012.1.1-9 (bug #689210)
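Review bot: the entries for CVE-2012-4460, CVE-2012-4459 and CVE-2012-4458 carry no NOTE line, so after this change the only pointer for three distinct issues (two in qpid::framing::Buffer, one in the AMQP type decoder) is the shared bug #772794. Suggest adding a NOTE with the upstream issue or commit to each entry, as the CVE-2014-3629 and CVE-2014-0212 entries have, so each one can be marked fixed on its own when a fixed version is uploaded.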
@@ -49636,7 +49636,7 @@
- tiff3 3.9.6-9 (bug #688944)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
- - qpid-cpp <unfixed> (low)
+ - qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
{DSA-2557-1}
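Review bot: with the CVE-2012-4446 line this is the sixth entry in the patch given bug #772794, and nothing in the list shows that the report covers all six ids. Suggest confirming that the bug names each CVE it is attached to here (CVE-2014-3629, CVE-2014-0212, CVE-2012-4460, CVE-2012-4459, CVE-2012-4458, CVE-2012-4446), so that closing it with a single upload accounts for every entry.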