[Secure-testing-commits] r25013 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jan 2 08:31:11 UTC 2014
Author: jmm
Date: 2014-01-02 08:31:11 +0000 (Thu, 02 Jan 2014)
New Revision: 25013
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
one kernel issue sid only, one no-dsa
no-dsa for pending glibc point update, remove from dsa-needed.txt
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-02 08:11:39 UTC (rev 25012)
+++ data/CVE/list 2014-01-02 08:31:11 UTC (rev 25013)
@@ -953,7 +953,8 @@
- linux-2.6 <removed>
CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
- linux 3.12.5-1
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
+ - linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
CVE-2013-7089 [dbg_printhex possible information leak]
RESERVED
- clamav 0.97.7+dfsg-1
@@ -3159,8 +3160,8 @@
CVE-2013-6463 [Linux kernel: net: memory leak in recvmsg handlermsg_name & msg_namelen logic]
RESERVED
- linux-2.6 <removed>
+ [squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
- linux 3.12.6-1
- TODO: check for wheezy and squeeze
NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-6462
@@ -8492,6 +8493,7 @@
NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
- eglibc 2.17-93 (bug #722536)
+ [wheezy] - eglibc <no-dsa> (Will be fixed in point update)
CVE-2013-4331 [incorrect .Xauthority permissions]
RESERVED
- lightdm 1.6.2-1 (bug #721744)
@@ -8812,8 +8814,7 @@
NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
- eglibc 2.17-94 (bug #719558)
- [wheezy] - eglibc <unfixed> (low; bug #719558)
- [squeeze] - eglibc <unfixed> (low; bug #719558)
+ [wheezy] - eglibc <no-dsa> (Will be fixed in point update)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-01-02 08:11:39 UTC (rev 25012)
+++ data/dsa-needed.txt 2014-01-02 08:31:11 UTC (rev 25013)
@@ -20,8 +20,6 @@
--
djvulibre/oldstable (geissert)
--
-eglibc
---
gnutls26/oldstable
--
iceweasel
More information about the Secure-testing-commits
mailing list