[Secure-testing-commits] r30813 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Dec 18 10:11:05 UTC 2014 

Author: jmm
Date: 2014-12-18 10:11:04 +0000 (Thu, 18 Dec 2014)
New Revision: 30813

Modified:
   data/CVE/list
Log:
ettercap fixed
freetype unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-18 09:10:20 UTC (rev 30812)
+++ data/CVE/list	2014-12-18 10:11:04 UTC (rev 30813)
@@ -1,15 +1,15 @@
 CVE-2014-9376
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9377
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9378
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9379
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9380
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9381
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-9403
 	- znc 1.2-4 (bug #744712)
 	[wheezy] - znc <no-dsa> (Minor issue)
@@ -41,9 +41,10 @@
 	- eglibc <removed>
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
 CVE-2014-XXXX [freetype: out of bounds write]
-	- freetype <unfixed> (bug #773084)
+	- freetype <unfixed> (unimportant; bug #773084)
 	[wheezy] - freetype <not-affected> (introduced in freetype 2.5)
 	[squeeze] - freetype <not-affected> (introduced in freetype 2.5)
+	NOTE: The affected code isn't enabled in Debian, see #773084
 CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...)
 	NOT-FOR-US: LoginToboggan Drupal Module
 CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)
@@ -7825,10 +7826,10 @@
 	RESERVED
 CVE-2014-6396
 	RESERVED
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-6395
 	RESERVED
-	- ettercap <unfixed> (bug #773416)
+	- ettercap 1:0.8.1-3 (bug #773416)
 CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison ...)
 	- node-send 0.9.4-1
 	NOTE: https://nodesecurity.io/advisories/send-directory-traversal

More information about the Secure-testing-commits mailing list