[Secure-testing-commits] r30876 - data/CVE

[Michael Gilbert]

Author: mgilbert
Date: 2014-12-21 02:44:41 +0000 (Sun, 21 Dec 2014)
New Revision: 30876

Modified:
   data/CVE/list
Log:
some python triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-20 22:22:48 UTC (rev 30875)
+++ data/CVE/list	2014-12-21 02:44:41 UTC (rev 30876)
@@ -24132,20 +24132,14 @@
 	[squeeze] - pam <no-dsa> (Minor issue)
 	[wheezy] - pam <no-dsa> (Minor issue)
 CVE-2013-7040 (Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...)
-	- python2.5 <removed> (low)
-	- python2.6 <removed> (low)
-	- python2.7 <unfixed> (low)
-	- python3.1 <removed> (low)
-	- python3.2 <removed> (low)
-	- python3.3 <removed> (low)
-	[squeeze] - python2.5 <no-dsa> (Not backportable)
-	[squeeze] - python2.6 <no-dsa> (Not backportable)
-	[wheezy] - python2.6 <no-dsa> (Not backportable)
-	[wheezy] - python2.7 <no-dsa> (Not backportable)
-	[jessie] - python2.7 <no-dsa> (Not backportable)
-	[squeeze] - python3.1 <no-dsa> (Not backportable)
-	[wheezy] - python3.2 <no-dsa> (Not backportable)
-	NOTE: Upstream will change to siphash in 3.4, no backport planned
+	- python2.5 <removed> (unimportant)
+	- python2.6 <removed> (unimportant)
+	- python2.7 <unfixed> (unimportant)
+	- python3.1 <removed> (unimportant)
+	- python3.2 <removed> (unimportant)
+	- python3.3 <removed> (unimportant)
+	- python3.4 3.4.0-1 (unimportant)
+	NOTE: upstream tagged this as wontfix for versions older than 3.4
 CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in ...)
 	- libmicrohttpd 0.9.32-1 (low; bug #731933)
 	[wheezy] - libmicrohttpd 0.9.20-1+deb7u1
@@ -39378,7 +39372,7 @@
 	RESERVED
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
-	- python2.7 2.7.9~rc1-2 (low; bug #742929)
+	- python2.7 2.7.9-1 (low; bug #742929)
 	- python3.1 <removed> (low)
 	- python3.2 <removed> (low)
 	- python3.3 <removed> (low; bug #742928)
@@ -39396,7 +39390,7 @@
 	RESERVED
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
-	- python2.7 2.7.9~rc1-2 (low; bug #742929)
+	- python2.7 2.7.9-1 (low; bug #742929)
 	- python3.1 <removed> (low)
 	- python3.2 <removed> (low)
 	- python3.3 <removed> (low; bug #742928)
@@ -79269,11 +79263,11 @@
 	[squeeze] - python2.5 <no-dsa> (Minor issue)
 	[lenny] - python2.5 <no-dsa> (Minor issue)
 CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle ...)
-	- python2.7 <unfixed> (unimportant)
-	- python3.1 <unfixed> (unimportant)
+	- python2.7 2.7.8-11 (unimportant)
+	- python3.1 <removed> (unimportant)
 	- python3.2 <removed> (unimportant)
-	NOTE: Unfixable design limitation, which needs to be coped with in applications
-	NOTE: This CVE is about proper documentation
+	- python3.2 3.4.2-1 (unimportant)
+	NOTE: likely fixed much earlier, but these were the versions checked
 CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...)
 	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
 CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)