[Secure-testing-commits] r25171 - data/CVE

Sun Jan 12 20:56:21 UTC 2014

Author: aw-guest
Date: 2014-01-12 20:56:21 +0000 (Sun, 12 Jan 2014)
New Revision: 25171

Modified:
   data/CVE/list
Log:
CVE-2013-4357 unimportant?
CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-4387 fixed in point update
CVE-2013-6383 fixed in 3.11.8-1
CVE-2013-1741, CVE-2013-5606 bug reported


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2014-01-12 15:47:15 UTC (rev 25170)
+++ data/CVE/list	2014-01-12 20:56:21 UTC (rev 25171)
@@ -4375,7 +4375,7 @@
 	- ceilometer 2013.2-4 (bug #730227)
 CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the ...)
 	- linux-2.6 <removed>
-	- linux <unfixed>
+	- linux 3.11.8-1
 	NOTE: http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
 CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux ...)
 	- linux-2.6 <removed> (low)
@@ -6232,7 +6232,7 @@
 	{DSA-2820-1}
 	- nspr 2:4.10.2-1
 CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...)
-	- nss 2:3.15.3-1
+	- nss 2:3.15.3-1 (bug #735105)
 CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...)
 	{DSA-2800-1}
 	- nss 2:3.15.3-1
@@ -8552,6 +8552,8 @@
 CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in ...)
 	- linux 3.8-1
 	- linux-2.6 <removed>
+	[wheezy] - linux 3.2.53-1
+	NOTE: fixed in point update
 CVE-2013-4591 (Buffer overflow in the __nfs4_get_acl_uncached function in ...)
 	- linux 3.8-1
 	[wheezy] - linux <not-affected> (Introduced in 3.6)
@@ -8992,7 +8994,7 @@
 	- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
 CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
 	- eglibc <unfixed> (low; bug #727181)
-	[wheezy] - eglibc <no-dsa> (Minor issue)
+	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
@@ -9231,6 +9233,7 @@
 CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
 	- linux-2.6 <removed>
 	- linux 3.11.5-1
+	[wheezy] - linux 3.2.53-2
 CVE-2013-4386 (Multiple SQL injection vulnerabilities in ...)
 	- foreman <itp> (bug #663101)
 CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in the "extras" unit ...)
@@ -9333,6 +9336,7 @@
 	RESERVED
 	- eglibc <unfixed>
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
+	NOTE: unimportant?
 CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Only affects 4.3+)
@@ -9431,7 +9435,7 @@
 	NOT-FOR-US: OpenPNE
 CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
 	- eglibc 2.17-93 (bug #722536)
-	[wheezy] - eglibc <no-dsa> (Will be fixed in point update)
+	[wheezy] - eglibc 2.13-38+deb7u1
 CVE-2013-4331 [incorrect .Xauthority permissions]
 	RESERVED
 	- lightdm 1.6.2-1 (bug #721744)
@@ -9753,7 +9757,7 @@
 	NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
 CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
 	- eglibc 2.17-94 (bug #719558)
-	[wheezy] - eglibc <no-dsa> (Will be fixed in point update)
+	[wheezy] - eglibc 2.13-38+deb7u1
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
 	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
 CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
@@ -16485,7 +16489,7 @@
 	- bugzilla4 <itp> (bug #669643)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
 CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
-	- nss 2:3.15.3-1
+	- nss 2:3.15.3-1 (bug #735105)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
 CVE-2013-1740
 	RESERVED


