[Secure-testing-commits] r25019 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Jan 2 12:50:33 UTC 2014


Author: jmm
Date: 2014-01-02 12:50:33 +0000 (Thu, 02 Jan 2014)
New Revision: 25019

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
add libxml-security-java to dsa-needed
mark base-passwd as unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-02 12:18:35 UTC (rev 25018)
+++ data/CVE/list	2014-01-02 12:50:33 UTC (rev 25019)
@@ -3552,7 +3552,8 @@
 CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows ...)
 	NOT-FOR-US: Dokeos
 CVE-2004-XXXX [base-passwd: sets valid shells for system services]
-	- bass-passwd <unfixed> (low; bug #274229)
+	- bass-passwd <unfixed> (unimportant; bug #274229)
+	NOTE: Hardening, not a direct vulnerability
 CVE-2013-6366 (The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote ...)
 	NOT-FOR-US: VMware Hyperic HQ
 CVE-2013-6365 [CSRF edit.php]

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-01-02 12:18:35 UTC (rev 25018)
+++ data/dsa-needed.txt	2014-01-02 12:50:33 UTC (rev 25019)
@@ -35,6 +35,8 @@
 --
 ffmpeg/oldstable (geissert)
 --
+libxml-security-java
+--
 libspring-java
 --
 libtar (luciano)




More information about the Secure-testing-commits mailing list