[Secure-testing-commits] r30837 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Dec 19 06:30:26 UTC 2014
Author: jmm
Date: 2014-12-19 06:30:26 +0000 (Fri, 19 Dec 2014)
New Revision: 30837
Modified:
data/CVE/list
Log:
svn fixed
no-dsa: ganglia, libkdcraw, glibc
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-19 01:55:52 UTC (rev 30836)
+++ data/CVE/list 2014-12-19 06:30:26 UTC (rev 30837)
@@ -52,6 +52,7 @@
CVE-2014-9402 [endless loop in getaddr_r]
- glibc <unfixed>
- eglibc <removed>
+ [wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
CVE-2014-XXXX [freetype: out of bounds write]
- freetype <unfixed> (unimportant; bug #773084)
@@ -197,7 +198,7 @@
CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in ...)
NOT-FOR-US: shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin for WordPress
CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers ...)
NOT-FOR-US: EntryPass
CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser ...)
@@ -437,7 +438,7 @@
CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows remote ...)
NOT-FOR-US: Anchor CMS
CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media Server ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows remote ...)
NOT-FOR-US: Eleanor CMS
CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket ...)
@@ -3863,6 +3864,7 @@
RESERVED
CVE-2014-8144
RESERVED
+ NOT-FOR-US: doorkeeper OAuth provider
CVE-2014-8143
RESERVED
CVE-2014-8142
@@ -3968,7 +3970,7 @@
[squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
CVE-2014-8108
RESERVED
- - subversion <unfixed> (bug #773315)
+ - subversion 1.8.10-5 (bug #773315)
[wheezy] - subversion <not-affected> (Introduced in 1.7.0)
[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
NOTE: http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
@@ -4500,7 +4502,7 @@
CVE-2014-7880
RESERVED
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
NOT-FOR-US: HP Helion Cloud Development Platform
CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
@@ -4769,7 +4771,7 @@
CVE-2014-7808
RESERVED
CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...)
- TODO: check
+ NOT-FOR-US: Apache CloudStack
CVE-2014-7806
RESERVED
CVE-2014-7805
@@ -7695,7 +7697,7 @@
- percona-xtradb-cluster-5.5 <undetermined>
- cyassl <undetermined>
CVE-2014-6477 (Unspecified vulnerability in the JPublisher component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -12513,27 +12515,27 @@
CVE-2014-4476
RESERVED
CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4473 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4472 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4471 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4470 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4469 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4467
RESERVED
CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4464
RESERVED
CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
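Review bot: The ten WebKit entries (CVE-2014-4475 down to CVE-2014-4465) are tagged NOT-FOR-US, yet the tag text itself names Chromium as possibly affected, which sits badly with a marker meant for software that is not in the archive. Keep the NOT-FOR-US text to the product name and move the Chromium rationale to a NOTE: line or an explicit package entry, so the triage decision stays searchable per package. Also spell it "WebKit", as the CVE descriptions do.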
@@ -14328,7 +14330,6 @@
- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic ...)
NOT-FOR-US: Red Hat Openstack 4 Neutron
- TODO: seem Red Hat specific to nova, but double check
CVE-2014-3702
RESERVED
CVE-2014-3701
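Review bot: The TODO dropped under CVE-2014-3703 asked for a double check that the issue is Red Hat specific to nova, while the NOT-FOR-US line that remains names Neutron and the description names PackStack. Neither the hunk nor the log message records the outcome of that check. A short NOTE: stating what was verified would make the removal auditable.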
@@ -14775,7 +14776,7 @@
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
CVE-2014-3580
RESERVED
- - subversion <unfixed> (bug #773263)
+ - subversion 1.8.10-5 (bug #773263)
NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
CVE-2014-3579
RESERVED
@@ -26958,6 +26959,7 @@
[squeeze] - ganglia <not-affected> (Vulnerable code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
- ganglia 3.6.0-1
+ [wheezy] - ganglia <no-dsa> (Minor issue)
NOTE: ganglia-web and ganglia are now two separate source packages
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: https://github.com/ganglia/ganglia-web/issues/218
@@ -38078,6 +38080,8 @@
[wheezy] - libraw <no-dsa> (Not suitable for code injection, minor issue)
[squeeze] - libraw <not-affected> (Vulnerable code not present)
- libkdcraw 4:4.8.4-2 (low; bug #711317)
+ [wheezy] - libkdcraw <no-dsa> (Not suitable for code injection, minor issue)
+ - libkdcraw 4:4.8.4-2 (low; bug #711317)
- darktable 1.2.1-2 (unimportant; bug #711316)
NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable
- kdegraphics <removed>
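Review bot: The second added line, "- libkdcraw 4:4.8.4-2 (low; bug #711317)", duplicates the unchanged line directly above the new [wheezy] entry, so libkdcraw is listed twice for this CVE with the release annotation wedged between the two copies. Drop the duplicate and keep only the "[wheezy] - libkdcraw <no-dsa>" line below the existing package entry.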