[Secure-testing-commits] r25103 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jan 8 08:50:42 UTC 2014
Author: jmm
Date: 2014-01-08 08:50:42 +0000 (Wed, 08 Jan 2014)
New Revision: 25103
Modified:
data/CVE/list
Log:
freerdp unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-08 07:57:07 UTC (rev 25102)
+++ data/CVE/list 2014-01-08 08:50:42 UTC (rev 25103)
@@ -420,9 +420,9 @@
CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer ...)
TODO: check
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in ...)
- - freerdp <unfixed>
+ - freerdp <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
- TODO: check
+ NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
CVE-2014-0789
RESERVED
CVE-2014-0788
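Review bot: The added NOTE for CVE-2014-0791 misspells "malicous" (should be "malicious"), and it justifies the (unimportant) tag only by comparison with other ways to DoS a client, while the description line calls the bug an integer overflow in license_read_scope_list. If the classification rests on the overflow having no impact beyond a client crash, say so in the NOTE. The comparison with "simply stating that no valid license exists" does not hold otherwise.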
@@ -955,6 +955,7 @@
- bip 0.8.9-1
[squeeze] - bip <no-dsa> (Minor issue)
[wheezy] - bip <no-dsa> (Minor issue)
+ NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2014-0590
RESERVED
CVE-2014-0589
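Review bot: The log message "freerdp unimportant" does not cover this added bip NOTE about CVE-2011-5268 versus CVE-2013-4550, so the change is hard to find in the revision history. Either mention the bip cross-reference in the log or commit it separately from the freerdp triage.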
@@ -4080,8 +4081,6 @@
CVE-2013-6441 [lxc: sshd template allow privilege escalation on host]
RESERVED
- lxc <unfixed> (unimportant)
- [wheezy] - lxc <no-dsa> (Minor issue; see NOTE)
- [squeeze] - lxc <no-dsa> (Minor issue; see NOTE)
NOTE: getting root on host, if not using unprivileged containers or
NOTE: restricting the containers with apparmor or selinux.
NOTE: CVE is kept as no official documentation explicitly document this fact
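Review bot: Dropping the [wheezy] and [squeeze] <no-dsa> lines leaves "- lxc <unfixed> (unimportant)" as the only status for an entry titled "privilege escalation on host", and the remaining NOTE lines describe "getting root on host" without stating why that is rated unimportant. Add a NOTE giving the reason for the classification so the entry is self-explanatory now that the "see NOTE" pointers are gone. This removal is also not mentioned in the log message.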
@@ -8602,6 +8601,7 @@
[squeeze] - bip <no-dsa> (Minor issue)
NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
NOTE: https://projects.duckcorp.org/issues/261
+ NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers ...)
- qtbase-opensource-src 5.1.1+dfsg-6
- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low)
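Review bot: This NOTE repeats the text added in the earlier bip hunk and gives only a link to the oss-security post. A short summary of what distinguishes CVE-2011-5268 from CVE-2013-4550 in the NOTE itself would keep both entries usable if the link becomes unavailable, and would make clear which of the two descriptions applies to the entry being annotated here.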