[Secure-testing-commits] r30910 - in data: . CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Mon Dec 22 11:16:03 UTC 2014 

Author: hertzog
Date: 2014-12-22 11:16:03 +0000 (Mon, 22 Dec 2014)
New Revision: 30910

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Mark most ettercap CVE as not affecting squeeze

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-12-22 10:52:10 UTC (rev 30909)
+++ data/CVE/list	2014-12-22 11:16:03 UTC (rev 30910)
@@ -28,16 +28,22 @@
 	[squeeze] - mercurial <no-dsa> (Minor issue)
 CVE-2014-9376
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-9377
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-9378
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-9379
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-9380
 	- ettercap 1:0.8.1-3 (bug #773416)
+	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
 CVE-2014-9381
 	- ettercap 1:0.8.1-3 (bug #773416)
+	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
 CVE-2014-9403
 	- znc 1.2-4 (bug #744712)
 	[wheezy] - znc <no-dsa> (Minor issue)
@@ -7907,9 +7913,11 @@
 CVE-2014-6396
 	RESERVED
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-6395
 	RESERVED
 	- ettercap 1:0.8.1-3 (bug #773416)
+	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
 CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison ...)
 	- node-send 0.9.4-1
 	NOTE: https://nodesecurity.io/advisories/send-directory-traversal

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2014-12-22 10:52:10 UTC (rev 30909)
+++ data/dla-needed.txt	2014-12-22 11:16:03 UTC (rev 30910)
@@ -20,7 +20,7 @@
 ejabberd
 --
 ettercap
-  NOTE: see discussion with mainainer in #773416
+  NOTE: see discussion with maintainer and upstream author in #773416
 --
 dokuwiki
 --

More information about the Secure-testing-commits mailing list