[Secure-testing-commits] r25622 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Feb 9 01:07:07 UTC 2014
Author: jmm
Date: 2014-02-09 01:07:07 +0000 (Sun, 09 Feb 2014)
New Revision: 25622
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
vbox not limited to local DoS, add to dsa-needed and remove no-dsa entries
collabtive, logilab no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-08 23:45:28 UTC (rev 25621)
+++ data/CVE/list 2014-02-09 01:07:07 UTC (rev 25622)
@@ -154,10 +154,14 @@
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839
RESERVED
- - logilab-common <unfixed> (bug #737051)
+ - logilab-common <unfixed> (low; bug #737051)
+ [squeeze] - logilab-common <no-dsa> (Minor issue)
+ [wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1838
RESERVED
- - logilab-common <unfixed> (bug #737051)
+ - logilab-common <unfixed> (low; bug #737051)
+ [squeeze] - logilab-common <no-dsa> (Minor issue)
+ [wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...)
NOT-FOR-US: Joomla com_komento
CVE-2014-1836
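Review bot: the `[squeeze]` and `[wheezy]` no-dsa lines added under CVE-2014-1839 and CVE-2014-1838 give only "Minor issue" as the reason, and both entries are still RESERVED with no description, so a reader of the list cannot tell what the issue is or why it is minor. A NOTE line summarising what bug #737051 reports, or a more specific reason in the parentheses, would make the triage decision checkable.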
@@ -3259,13 +3263,9 @@
CVE-2014-0407 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed> (low)
- virtualbox <unfixed> (low; bug #735410)
- [squeeze] - virtualbox-ose <no-dsa> (Minor issue, limited to local DoS)
- [wheezy] - virtualbox <no-dsa> (Minor issue, limited to local DoS)
CVE-2014-0406 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed> (low)
- virtualbox <unfixed> (low; bug #735410)
- [squeeze] - virtualbox-ose <no-dsa> (Minor issue, limited to local DoS)
- [wheezy] - virtualbox <no-dsa> (Minor issue, limited to local DoS)
CVE-2014-0405 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-guest-additions <removed> (bug #735410)
[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
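Review bot: the retained lines `- virtualbox <unfixed> (low; bug #735410)` under CVE-2014-0407 and CVE-2014-0406 still carry `low` urgency, while the commit log justifies dropping the no-dsa tags with "vbox not limited to local DoS". If the impact is wider than previously assumed, re-evaluate the urgency in the same change or add a NOTE saying why it stays low. The same line recurs unchanged under CVE-2014-0404.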
@@ -3274,8 +3274,6 @@
CVE-2014-0404 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed> (low)
- virtualbox <unfixed> (low; bug #735410)
- [squeeze] - virtualbox-ose <no-dsa> (Minor issue, limited to local DoS)
- [wheezy] - virtualbox <no-dsa> (Minor issue, limited to local DoS)
CVE-2014-0403 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -4978,7 +4976,8 @@
CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System ...)
NOT-FOR-US: Testa Online Test Management System
CVE-2013-6872 (SQL injection vulnerability in managetimetracker.php in Collabtive ...)
- - collabtive 1.2-1
+ - collabtive 1.2-1 (low)
+ [wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2013-6871
RESERVED
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
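Review bot: the added `[wheezy] - collabtive <no-dsa> (Minor issue)` line under CVE-2013-6872 classifies a SQL injection in managetimetracker.php as minor without saying what limits its impact. State the limiting factor in the reason so the no-dsa decision can be reviewed later.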
@@ -7390,8 +7389,6 @@
CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed> (low)
- virtualbox <unfixed> (low; bug #735410)
- [squeeze] - virtualbox-ose <no-dsa> (Minor issue, limited to local DoS)
- [wheezy] - virtualbox <no-dsa> (Minor issue, limited to local DoS)
TODO: recheck, might be not limited to local DoS according to #735410
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2848-1}
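Review bot: the TODO kept as context under CVE-2013-5892 ("recheck, might be not limited to local DoS according to #735410") is stale after this change, since removing the two no-dsa lines acts on exactly that recheck. Drop the TODO or replace it with a NOTE recording the outcome.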
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-02-08 23:45:28 UTC (rev 25621)
+++ data/dsa-needed.txt 2014-02-09 01:07:07 UTC (rev 25622)
@@ -76,7 +76,9 @@
qt4-x11/oldstable
--
tomcat7/stable (jmm)
- --
+--
+virtualbox
+--
vlc
it probably makes sense to update to the 2.0.x point releases
--
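Review bot: the new `virtualbox` entry names only that source package, but the no-dsa lines removed from data/CVE/list covered `virtualbox-ose` in squeeze as well as `virtualbox` in wheezy. Say which suites are meant, in the style of `qt4-x11/oldstable` and `tomcat7/stable` above, and add an entry for `virtualbox-ose` if squeeze is to be updated too.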
@@ -85,3 +87,5 @@
--
xlhtml
--
+
+
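Review bot: the two `+` lines at the end of data/dsa-needed.txt add only blank lines after the final `--` separator. They are unrelated to the virtualbox change and should be dropped from the commit.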