[Secure-testing-commits] r25727 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 13 14:37:51 UTC 2014 

Author: jmm
Date: 2014-02-13 14:37:51 +0000 (Thu, 13 Feb 2014)
New Revision: 25727

Modified:
   data/CVE/list
Log:
svn no-dsa
new libv8 issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-02-13 12:59:56 UTC (rev 25726)
+++ data/CVE/list	2014-02-13 14:37:51 UTC (rev 25727)
@@ -293,8 +293,8 @@
 	NOT-FOR-US: Dokeos
 CVE-2014-1876 [insecure temp file handling]
 	RESERVED
-	- openjdk-7 <unfixed> (bug #737562)
-	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed> (low; bug #737562)
+	- openjdk-6 <unfixed> (low)
 CVE-2014-1875 [insecure use of /tmp]
 	RESERVED
 	- libcapture-tiny-perl 0.24-1 (bug #737835)
@@ -4968,7 +4968,9 @@
 	RESERVED
 CVE-2014-0032 [mod_dav_svn crash when handling certain requests with SVNListParentPath on]
 	RESERVED
-	- subversion <unfixed> (bug #737815)
+	- subversion <unfixed> (low; bug #737815)
+	[squeeze] - subversion <no-dsa> (Minor issue)
+	[wheezy] - subversion <no-dsa> (Minor issue)
 CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache ...)
 	NOT-FOR-US: Apache CloudStack
 CVE-2014-0030
@@ -5054,9 +5056,9 @@
 CVE-2014-0002
 	RESERVED
 CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
-	- mysql-5.1 <removed>
-	- mysql-5.5 <unfixed> (bug #737596)
-	- mariadb-5.5 <unfixed> (bug #737597)
+	- mysql-5.1 <removed> (low)
+	- mysql-5.5 <unfixed> (low; bug #737596)
+	- mariadb-5.5 <unfixed> (low; bug #737597)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1054592
 	NOTE: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
 CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth ...)
@@ -5666,10 +5668,12 @@
 	RESERVED
 CVE-2013-6650 (The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...)
 	- chromium-browser <unfixed>
-	TODO: check, other source packages might be affected
+	- libv8 <removed>
+	- libv8-3.14 <unfixed>
 CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
 	- chromium-browser <unfixed>
-	TODO: check
+	- libv8 <removed>
+	- libv8-3.14 <unfixed>
 CVE-2013-6648
 	RESERVED
 CVE-2013-6647

More information about the Secure-testing-commits mailing list