[Secure-testing-commits] r25099 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jan 8 07:32:37 UTC 2014


Author: jmm
Date: 2014-01-08 07:32:37 +0000 (Wed, 08 Jan 2014)
New Revision: 25099

Modified:
   data/CVE/list
Log:
gdm no-dsa/not-affected
kernel triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-08 07:22:13 UTC (rev 25098)
+++ data/CVE/list	2014-01-08 07:32:37 UTC (rev 25099)
@@ -372,7 +372,9 @@
 CVE-2014-0790
 	RESERVED
 CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list]
-	- gdm3 <unfixed> (bug #683338)
+	- gdm3 <unfixed> (low; bug #683338)
+	[wheezy] - gdm3 <no-dsa> (Minor issue)
+	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
 CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel ...)
 	- linux-2.6 <removed>
 	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
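Review bot: the new squeeze line for CVE-2013-7273, "[squeeze] - gdm3 <not-affected> (Vulnerable code not present)", gives no pointer to where the vulnerable code first appears, so the claim cannot be rechecked from the tracker alone. The CVE-2013-7026 entry in this file records the same kind of fact as "(Introduced in 8b8d52ac382b)"; a version or commit reference in the reason, or a NOTE line, would do the same job here.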
@@ -1790,8 +1792,9 @@
 CVE-2013-7028
 	RESERVED
 CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in ...)
-	- linux 3.11.7-1
-	- linux-2.6 <removed>
+	- linux 3.11.7-1 (unimportant)
+	- linux-2.6 <removed> (unimportant)
+	NOTE: Non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=1040010#c1
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
 	- linux 3.12.5-1
 	[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
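Review bot: the added NOTE on CVE-2013-7027 says only "Non-issue:" followed by a Bugzilla link, so the justification for marking both linux and linux-2.6 as "unimportant" lives entirely in an external comment. A few words stating why it is a non-issue would keep the entry self-explanatory if the link goes stale.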
@@ -8505,7 +8508,7 @@
 	RESERVED
 	- gitlab <itp> (bug #651606)
 CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in ...)
-	- linux-2.6 <removed>
+	- linux-2.6 <not-affected> (ath9k not yet present)
 	- linux <unfixed> (bug #729573)
 	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
 CVE-2013-4578
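Review bot: the reason on the changed linux-2.6 line, "(ath9k not yet present)", names ath9k, while the CVE description refers to ath9k_htc_set_bssid_mask; if the point is that the ath9k_htc driver is absent, the reason should say ath9k_htc. It is also worth confirming that replacing "<removed>" outright is intended, since the CVE-2013-7271 and CVE-2013-4483 entries in this diff keep the "<removed>" line and record the release status on a separate "[squeeze]" line.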
@@ -8815,6 +8818,7 @@
 CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...)
 	- linux 3.11.8-1 (low)
 	- linux-2.6 <removed> (low)
+	[squeeze] - linux-2.6 <no-dsa> (Minor issue, too intrusive to backport)
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
 CVE-2013-4482 (Untrusted search path vulnerability in python-paste-script (aka ...)
 	NOT-FOR-US: LuCi
@@ -32225,8 +32229,8 @@
 	- linux-2.6 3.2.19-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
-	- linux 3.11.10-1 (low)
-	NOTE: rds is not included in distributed kernel images
+	- linux 3.11.10-1 (unimportant)
+	NOTE: rds is not included in distributed kernel images, only marked as "experimental"
 CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
 	NOT-FOR-US: WP-FaceThumb plugin for WordPress
 CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
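Review bot: the extended NOTE on CVE-2012-2372 joins two statements with a comma, and it is unclear how 'only marked as "experimental"' relates to rds not being included in distributed kernel images. Splitting it into two NOTE lines, one per fact, would make the basis for the change from "low" to "unimportant" easier to follow.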



