[Secure-testing-commits] r25573 - data/CVE

Fri Feb 7 18:07:04 UTC 2014

Author: jmm
Date: 2014-02-07 18:07:04 +0000 (Fri, 07 Feb 2014)
New Revision: 25573

Modified:
   data/CVE/list
Log:
no-dsa: chrony, devscripts
not-affected: nova (2x)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2014-02-07 17:54:29 UTC (rev 25572)
+++ data/CVE/list	2014-02-07 18:07:04 UTC (rev 25573)
@@ -138,7 +138,9 @@
 	RESERVED
 	NOT-FOR-US: Echor Ruby Gem
 CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 ...)
-	- devscripts <unfixed> (bug #737160)
+	- devscripts <unfixed> (low; bug #737160)
+	[squeeze] - devscripts <no-dsa> (Minor issue)
+	[wheezy] - devscripts <no-dsa> (Minor issue)
 CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
@@ -4757,7 +4759,9 @@
 	NOT-FOR-US: yum cron
 CVE-2014-0021 [traffic amplification in cmdmon protocol]
 	RESERVED
-	- chrony <unfixed> (bug #737644)
+	- chrony <unfixed> (low; bug #737644)
+	[squeeze] - chrony <no-dsa> (Minor issue)
+	[wheezy] - chrony <no-dsa> (Minor issue)
 CVE-2014-0020
 	RESERVED
 	- pidgin 2.10.8-1
@@ -6067,6 +6071,7 @@
 CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
 	- neutron 2013.2.1-1
 	- nova 2013.2.1-1
+        [wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)
 	NOTE: https://launchpad.net/bugs/1235450
 CVE-2013-6418 [TOCTOU vulnerability in certificate validation]
 	RESERVED
@@ -10744,6 +10749,7 @@
 	NOT-FOR-US: Drupal contrib module
 CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and ...)
 	- nova 2013.2-1
+	[wheezy] - nova <not-affected> (OpenStack Essex is not affected)
 	NOTE: https://bugs.launchpad.net/nova/+bug/1073306
 	NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
 	NOTE: https://bugs.launchpad.net/nova/+bug/1202266


