[Secure-testing-commits] r25610 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Feb 8 15:49:58 UTC 2014
Author: jmm
Date: 2014-02-08 15:49:57 +0000 (Sat, 08 Feb 2014)
New Revision: 25610
Modified:
data/CVE/list
data/next-point-update.txt
Log:
7.4 point update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-08 15:46:36 UTC (rev 25609)
+++ data/CVE/list 2014-02-08 15:49:57 UTC (rev 25610)
@@ -1049,7 +1049,7 @@
CVE-2014-1638 ((1) debian/postrm and (2) debian/localepurge.config in localepurge ...)
- localepurge 0.7.3.2 (bug #736359)
[squeeze] - localepurge <no-dsa> (Minor issue)
- [wheezy] - localepurge <no-dsa> (Minor issue)
+ [wheezy] - localepurge 0.6.3+deb7u1
CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
- libmarc-xml-perl 1.0.2-1 (bug #736275)
NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
@@ -1186,7 +1186,7 @@
RESERVED
CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- spip 3.0.13-1 (bug #736170)
- [wheezy] - spip <no-dsa> (Minor issue)
+ [wheezy] - spip 2.1.17-1+deb7u3
[squeeze] - spip <no-dsa> (Minor issue)
CVE-2013-7302
RESERVED
@@ -2208,8 +2208,8 @@
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7262 (SQL injection vulnerability in the msPostGISLayerSetTimeFilter ...)
- mapserver 6.4.1-1 (low; bug #734565)
+ [wheezy] - mapserver 6.0.1-3.2+deb7u2
[squeeze] - mapserver <no-dsa> (Minor issue)
- [wheezy] - mapserver <no-dsa> (Minor issue)
NOTE: https://github.com/mapserver/mapserver/issues/4834
CVE-2013-7261
RESERVED
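Review bot: the new `[wheezy] - mapserver 6.0.1-3.2+deb7u2` line is inserted above the `[squeeze]` line while the old `[wheezy]` line is removed below it, so this hunk reorders the release lines rather than replacing one in place; the localepurge hunk earlier in this commit keeps wheezy below squeeze. Keeping one ordering across the file makes future diffs smaller and easier to review.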
@@ -3886,8 +3886,8 @@
[wheezy] - python3.2 <no-dsa> (Minor issue)
CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in ...)
- libmicrohttpd 0.9.32-1 (low; bug #731933)
+ [wheezy] - libmicrohttpd 0.9.20-1+deb7u1
[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
- [wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 (The MHD_http_unescape function in libmicrohttpd before 0.9.32 might ...)
- libmicrohttpd 0.9.32-1 (low; bug #731933)
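Review bot: the unchanged squeeze context line `[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)` still carries the typo "expoitable" (the removed wheezy line had the same one); since this entry is being edited anyway, correct it to "exploitable".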
@@ -4941,7 +4941,7 @@
CVE-2013-6889 [Allows reading arbitrary files]
RESERVED
- rush 1.7+dfsg-4 (bug #733505)
- [wheezy] - rush <no-dsa> (Minor issue, can be fixed through a point release update)
+ [wheezy] - rush 1.7+dfsg-1+deb7u1
CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
{DSA-2836-1}
- devscripts 2.13.9
@@ -7860,7 +7860,7 @@
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722337)
- kfreebsd-8 <removed>
- [wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-9 is the default kernel, no DSA update planned)
+ [wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
NOT-FOR-US: Siemens SCALANCE X-200
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret ...)
@@ -7904,7 +7904,7 @@
{DSA-2769-1}
- kfreebsd-9 9.2~svn255465-1 (bug #722338)
- kfreebsd-8 <removed>
- [wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-9 is the default kernel, no DSA update planned)
+ [wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
CVE-2013-5687
@@ -9116,7 +9116,7 @@
CVE-2013-5209 (The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in ...)
{DSA-2743-1}
- kfreebsd-8 <removed> (bug #720476)
- [wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-9 is the default kernel, no DSA update planned)
+ [wheezy] - kfreebsd-8 8.3-6+deb7u1
- kfreebsd-9 9.2~svn254368-2 (bug #720475)
- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the ...)
@@ -9907,7 +9907,7 @@
{DSA-2743-1}
- kfreebsd-9 9.1-4 (bug #717958)
- kfreebsd-8 8.3-7 (bug #717959)
- [wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-9 is the default kernel, no DSA update planned)
+ [wheezy] - kfreebsd-8 8.3-6+deb7u1
[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
CVE-2013-4850
RESERVED
@@ -10037,8 +10037,8 @@
NOT-FOR-US: Cotonti
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...)
- eglibc 2.17-94 (low; bug #717178)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries)
- [wheezy] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries)
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
@@ -10957,7 +10957,7 @@
- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <unfixed> (low; bug #727181)
- [wheezy] - eglibc <no-dsa> (Will be fixed in next point update)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
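Review bot: after this hunk the unstable line still reads `- eglibc <unfixed> (low; bug #727181)` while wheezy is now marked fixed in `2.13-38+deb7u1`, which leaves sid tracked as affected by a bug that the stable point update already addresses. Confirm that this is intended, or update the unstable entry in the same commit so the tracker does not show the stable branch ahead of sid.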
@@ -11402,7 +11402,7 @@
NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
- eglibc 2.17-93 (bug #722536)
- [wheezy] - eglibc <no-dsa> (Will be fixed in next point update)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
- lightdm 1.6.2-1 (bug #721744)
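Review bot: the squeeze context line `[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)` is kept as-is, yet the next-point-update.txt removed by this commit lists only `[wheezy]` entries, so nothing tracks the promised squeeze fix any more. Either add squeeze entries to the tracking file or reword the squeeze annotation; the same applies to the CVE-2013-4237 hunk below.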
@@ -11726,7 +11726,7 @@
NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
- eglibc 2.17-94 (bug #719558)
- [wheezy] - eglibc <no-dsa> (Will be fixed in next point update)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
@@ -14491,7 +14491,7 @@
CVE-2013-3077 (Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER ...)
{DSA-2743-1}
- kfreebsd-8 <removed> (bug #720470)
- [wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-9 is the default kernel, no DSA update planned)
+ [wheezy] - kfreebsd-8 8.3-6+deb7u1
- kfreebsd-9 9.2~svn254368-2 (bug #720468)
- kfreebsd-10 10.0~svn254663-1 (bug #720471)
CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...)
@@ -17853,7 +17853,7 @@
NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc 2.17-2 (low; bug #704623)
- [wheezy] - eglibc <no-dsa> (Minor issue)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
{DSA-2813-1}
@@ -17908,10 +17908,9 @@
NOTE: https://fedorahosted.org/389/ticket/47308
CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ...)
- apache2 2.4.6-1 (low; bug #717272)
+ [wheezy] - apache2 2.2.22-13+deb7u1
[squeeze] - apache2 <no-dsa> (Minor issue)
- [wheezy] - apache2 <no-dsa> (Minor issue)
NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633
- NOTE: Patch against 2.4 branch: http://svn.apache.org/viewvc?view=revision&revision=1486461
CVE-2013-1895 [concurrency issue leading to auth bypass]
RESERVED
- python-bcrypt 0.4-1 (bug #704030)
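Review bot: the line `- NOTE: Patch against 2.4 branch: http://svn.apache.org/viewvc?view=revision&revision=1486461` drops the upstream patch reference for CVE-2013-1896 together with the wheezy status change, and nothing in the hunk says why. Unless the link is wrong, keep the NOTE: the backport to 2.2.22-13+deb7u1 is easier to verify later with the upstream revision recorded next to it.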
@@ -18017,6 +18016,7 @@
NOTE: http://www.samba.org/samba/security/CVE-2013-1863
CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ...)
- apache2 2.4.1-1 (unimportant)
+ [wheezy] - apache2 2.2.22-13+deb7u1
NOTE: Such injection issues are not treated as security issues
CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...)
{DSA-2818-1 DSA-2780-1}
@@ -23038,7 +23038,7 @@
NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
- eglibc 2.17-2 (low; bug #699399)
- [wheezy] - eglibc <no-dsa> (Minor issue)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
@@ -28968,7 +28968,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
- eglibc 2.17-94 (low; bug #689423)
- [wheezy] - eglibc <no-dsa> (Minor issue)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...)
- libvirt 0.9.12-5 (bug #687598)
@@ -29010,7 +29010,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
- eglibc 2.17-94 (low; bug #687530)
- [wheezy] - eglibc <no-dsa> (Minor issue)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
{DSA-2543-1}
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2014-02-08 15:46:36 UTC (rev 25609)
+++ data/next-point-update.txt 2014-02-08 15:49:57 UTC (rev 25610)
@@ -1,42 +0,0 @@
-CVE-2012-4412
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2012-4424
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-0242
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-1914
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-4237
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-4332
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-4458
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-4788
- [wheezy] - eglibc 2.13-38+deb7u1
-CVE-2013-7038
- [wheezy] - libmicrohttpd 0.9.20-1+deb7u1
-CVE-2013-7039
- [wheezy] - libmicrohttpd 0.9.20-1+deb7u1
-CVE-2013-7262
- [wheezy] - mapserver 6.0.1-3.2+deb7u2
-CVE-2013-7303
- [wheezy] - spip 2.1.17-1+deb7u3
-CVE-2013-6889
- [wheezy] - rush 1.7+dfsg-1+deb7u1
-CVE-2014-1638
- [wheezy] - localepurge 0.6.3+deb7u1
-CVE-2013-4851
- [wheezy] - kfreebsd-8 8.3-6+deb7u1
-CVE-2013-3077
- [wheezy] - kfreebsd-8 8.3-6+deb7u1
-CVE-2013-5209
- [wheezy] - kfreebsd-8 8.3-6+deb7u1
-CVE-2013-5691
- [wheezy] - kfreebsd-8 8.3-6+deb7u1
-CVE-2013-5710
- [wheezy] - kfreebsd-8 8.3-6+deb7u1
-CVE-2013-1896
- [wheezy] - apache2 2.2.22-13+deb7u1
-CVE-2013-1862
- [wheezy] - apache2 2.2.22-13+deb7u1 (unimportant)
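Review bot: the removed lines `-CVE-2013-7038` / `- [wheezy] - libmicrohttpd 0.9.20-1+deb7u1` have no counterpart in the data/CVE/list hunks: only CVE-2013-7039 receives the `[wheezy] - libmicrohttpd 0.9.20-1+deb7u1` line, and no hunk touches the wheezy entry of CVE-2013-7038. Add the matching wheezy line under CVE-2013-7038 in this commit, or keep that entry in next-point-update.txt until it is recorded, otherwise the tracker loses the fact that the deb7u1 upload fixes both CVEs.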