[Secure-testing-commits] r25725 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 13 10:58:01 UTC 2014 

Author: jmm
Date: 2014-02-13 10:58:01 +0000 (Thu, 13 Feb 2014)
New Revision: 25725

Modified:
   data/CVE/list
Log:
no-dsa: 9base, gamera, 3eyed
unimportant: rc, pacemaker


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-13 10:34:56 UTC (rev 25724)
+++ data/CVE/list	2014-02-13 10:58:01 UTC (rev 25725)
@@ -91,7 +91,7 @@
 CVE-2014-1871
 	RESERVED
 CVE-2014-1870 (Opera before 19 on Mac OS X allows user-assisted remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- db4o <unfixed>
 	NOTE: in -doc package
@@ -120,13 +120,20 @@
 	- python-rply <unfixed> (bug #737627)
 	NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
 CVE-2014-1937 [insecure use of /tmp]
-	- gamera <unfixed> (bug #737324)
+	- gamera <unfixed> (low; bug #737324)
+	[squeeze] - gamera <no-dsa> (Minor issue)
+	[wheezy] - gamera <no-dsa> (Minor issue)
 CVE-2014-1936 [insecure use of /tmp]
-	- rc 1.7.1-5 (bug #737125)
+	- rc 1.7.1-5 (unimportant; bug #737125)
+	NOTE: Only in the test suite, not part of the standard package
 CVE-2014-1935 [insecure use of /tmp]
-	- 9base <unfixed> (bug #737206)
+	- 9base <unfixed> (low; bug #737206)
+	[squeeze] - 9base <no-dsa> (Minor issue)
+	[wheezy] - 9base <no-dsa> (Minor issue)
 CVE-2014-1934 [insecure use of /tmp]
-	- eyed3 <unfixed> (bug #737062)
+	- eyed3 <unfixed> (low; bug #737062)
+	[squeeze] - eyed3 <no-dsa> (Minor issue)
+	[wheezy] - eyed3 <no-dsa> (Minor issue)
 CVE-2014-1933 [sensitive filename information on commandline visible]
 	- pillow <unfixed> (bug #737059)
 CVE-2014-1932 [insecure use of /tmp]
@@ -279,7 +286,6 @@
 	- python3.3 <unfixed> (low)
 	- python3.4 <unfixed> (low)
 	NOTE: http://bugs.python.org/issue20246
-	TODO: check
 CVE-2014-1877 [Multiple Stored XSS]
 	RESERVED
 	NOT-FOR-US: Dokeos
@@ -1206,9 +1212,8 @@
 	NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
 	NOTE: fixed upstream in 3.0.17
 CVE-2011-5271 [configure creates temp files insecurely]
-	- pacemaker <unfixed> (bug #633964)
-	[wheezy] - pacemaker <no-dsa> (Minor issue)
-	[squeeze] - pacemaker <no-dsa> (Minor issue)
+	- pacemaker <unfixed> (unimportant; bug #633964)
+	NOTE: Only exploitable at build time
 CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
 	TODO: check
 CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, ...)

More information about the Secure-testing-commits mailing list