[Secure-testing-commits] r30980 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Dec 26 18:27:43 UTC 2014
Author: jmm
Date: 2014-12-26 18:27:43 +0000 (Fri, 26 Dec 2014)
New Revision: 30980
Modified:
data/CVE/list
Log:
mark glpi as unimportant
libssh no-dsa
n/a for tiff3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-26 09:10:21 UTC (rev 30979)
+++ data/CVE/list 2014-12-26 18:27:43 UTC (rev 30980)
@@ -620,6 +620,7 @@
CVE-2014-9330 [integer overflow in bmp2tiff]
RESERVED
- tiff <unfixed>
+ - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
CVE-2014-9329
RESERVED
@@ -780,7 +781,7 @@
CVE-2014-9259
RESERVED
CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...)
- - glpi <unfixed>
+ - glpi <unfixed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-9257
RESERVED
@@ -4426,6 +4427,7 @@
CVE-2014-8132 [Possible double free on a dangling pointer with crafted kexinit packet]
RESERVED
- libssh <unfixed> (bug #773577)
+ [wheezy] - libssh <no-dsa> (Minor issue)
[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
NOTE: http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
CVE-2014-8131 [deadlock and segfault in qemuConnectGetAllDomainStats]
More information about the Secure-testing-commits
mailing list