[Secure-testing-commits] r30877 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sun Dec 21 03:33:26 UTC 2014


Author: mgilbert
Date: 2014-12-21 03:33:25 +0000 (Sun, 21 Dec 2014)
New Revision: 30877

Modified:
   data/CVE/list
Log:
triage a few issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-21 02:44:41 UTC (rev 30876)
+++ data/CVE/list	2014-12-21 03:33:25 UTC (rev 30877)
@@ -392,7 +392,7 @@
 CVE-2014-9221
 	RESERVED
 CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP ...)
-	TODO: check
+	- graylog2 <itp> (bug #652273)
 CVE-2014-9216
 	RESERVED
 CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in ...)
@@ -843,7 +843,7 @@
 CVE-2014-9061
 	RESERVED
 CVE-2014-9060 (The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
-	TODO: check
+	NOT-FOR-US: Moodle LTI Module
 CVE-2014-9058
 	RESERVED
 CVE-2014-9057
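Review bot: NOT-FOR-US on CVE-2014-9060 looks too broad, because the description scopes the issue by Moodle release numbers ("Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...") rather than naming a separately shipped plugin. If the LTI module is part of the Moodle source, this should be a `- moodle` package entry with a status instead, so the issue stays visible for that package.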
@@ -3066,7 +3066,7 @@
 	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
 CVE-2014-8475 (FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos ...)
-	TODO: check
+	- openssh <not-affected> (freebsd-specific build system issue)
 CVE-2014-8474 (CA Cloud Service Management (CSM) before Summer 2014 allows remote ...)
 	NOT-FOR-US: CA Cloud Service Management
 CVE-2014-8473 (Cross-site request forgery (CSRF) vulnerability in CA Cloud Service ...)
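Review bot: the `<not-affected>` entry for CVE-2014-8475 gives its reason only in the parenthetical, with nothing to check it against. The entry directly above it cites its FreeBSD advisory in a NOTE line; a matching NOTE with the upstream advisory reference here would let a later reader confirm that the problem is confined to the FreeBSD build.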
@@ -5833,7 +5833,7 @@
 CVE-2014-7292 (Open redirect vulnerability in the Click-Through feature in ...)
 	NOT-FOR-US: Newtelligence dasBlog
 CVE-2014-7291 (Multiple cross-site scripting (XSS) vulnerabilities in api_events.php ...)
-	TODO: check
+	NOT-FOR-US: Springshare LibCal
 CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...)
 	NOT-FOR-US: Atlas Systems Aeon
 CVE-2014-7289
@@ -6124,7 +6124,7 @@
 	RESERVED
 	NOT-FOR-US: Crumb
 CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
-	TODO: check
+	- nodejs <unfixed> (bug #773623)
 CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
 	- node-qs 2.2.4-1
 	NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
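Review bot: the CVE-2014-7192 entry is filed against `nodejs`, but the description places the eval injection in index.js of the syntax-error package, which is a separate module. Please add a NOTE saying where the affected code lives in the nodejs source (or track it under the package that actually ships syntax-error), in the way CVE-2014-7191 just below is tracked under node-qs with a NOTE linking the fix commit.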
@@ -8351,8 +8351,7 @@
 	[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
 	[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
 CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote ...)
-	- cgminer <undetermined>
-	TODO: check
+	- cgminer <unfixed> (bug #773624)
 CVE-2014-6250
 	RESERVED
 CVE-2014-6249
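Review bot: CVE-2014-6251 moves from `<undetermined>` to `<unfixed>` for cgminer, while the description names CPUMiner before 2.4.1, and nothing in the entry records why cgminer is considered affected. A NOTE identifying the shared code (or the upstream fix) would make the status verifiable without having to open bug #773624.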
@@ -10427,7 +10426,7 @@
 CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...)
 	NOT-FOR-US: TIBCO Spotfire Server
 CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with ...)
-	TODO: check
+	- ossec-hids <itp> (bug #361954)
 CVE-2014-5283
 	RESERVED
 CVE-2014-5282 [Tagging image to ID can redirect images on subsequent pulls]



