[Secure-testing-commits] r25013 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Jan 2 08:31:11 UTC 2014 

Author: jmm
Date: 2014-01-02 08:31:11 +0000 (Thu, 02 Jan 2014)
New Revision: 25013

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
one kernel issue sid only, one no-dsa
no-dsa for pending glibc point update, remove from dsa-needed.txt


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-02 08:11:39 UTC (rev 25012)
+++ data/CVE/list	2014-01-02 08:31:11 UTC (rev 25013)
@@ -953,7 +953,8 @@
 	- linux-2.6 <removed>
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
 	- linux 3.12.5-1
-	- linux-2.6 <removed>
+	[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
+	- linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
 CVE-2013-7089 [dbg_printhex possible information leak]
 	RESERVED
 	- clamav 0.97.7+dfsg-1
@@ -3159,8 +3160,8 @@
 CVE-2013-6463 [Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic]
 	RESERVED
 	- linux-2.6 <removed>
+	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
 	- linux 3.12.6-1
-	TODO: check for wheezy and squeeze
 	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
 	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
 CVE-2013-6462
@@ -8492,6 +8493,7 @@
 	NOT-FOR-US: OpenPNE
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
 	- eglibc 2.17-93 (bug #722536)
+	[wheezy] - eglibc <no-dsa> (Will be fixed in point update)
 CVE-2013-4331 [incorrect .Xauthority permissions]
 	RESERVED
 	- lightdm 1.6.2-1 (bug #721744)
@@ -8812,8 +8814,7 @@
 	NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
 CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
 	- eglibc 2.17-94 (bug #719558)
-	[wheezy] - eglibc <unfixed> (low; bug #719558)
-	[squeeze] - eglibc <unfixed> (low; bug #719558)
+	[wheezy] - eglibc <no-dsa> (Will be fixed in point update)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
 	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
 CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-01-02 08:11:39 UTC (rev 25012)
+++ data/dsa-needed.txt	2014-01-02 08:31:11 UTC (rev 25013)
@@ -20,8 +20,6 @@
 --
 djvulibre/oldstable (geissert)
 --
-eglibc
---
 gnutls26/oldstable
 --
 iceweasel

More information about the Secure-testing-commits mailing list