[Secure-testing-commits] r25257 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jan 17 13:45:53 UTC 2014 

Author: jmm
Date: 2014-01-17 13:45:53 +0000 (Fri, 17 Jan 2014)
New Revision: 25257

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
mediawiki DSA needed for stable as well
memcached no-dsa
mark bind9 as not affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-17 12:13:42 UTC (rev 25256)
+++ data/CVE/list	2014-01-17 13:45:53 UTC (rev 25257)
@@ -152,7 +152,6 @@
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
 CVE-2014-1448
 	REJECTED
-	NOTE: rejected
 CVE-2014-1447 [libvirt: denial of service with keepalive]
 	RESERVED
 	- libvirt <unfixed> (bug #735676)
@@ -606,7 +605,9 @@
 CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote ...)
 	NOT-FOR-US: VASCO IAS
 CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote ...)
-	- memcached <unfixed> (bug #735314)
+	- memcached <unfixed> (low; bug #735314)
+	[squeeze] - memcached <no-dsa> (Minor issue)
+	[wheezy] - memcached <no-dsa> (Minor issue)
 	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
 CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other ...)
 	- memcached 1.4.13-0.2
@@ -1568,8 +1569,10 @@
 	RESERVED
 CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
 	- bind9 <unfixed> (bug #735190)
+	[wheezy] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
+	[squeeze] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
 	NOTE: https://kb.isc.org/article/AA-01078
-	TODO: to be confirmed: only vulnerable with eglibc 2.17 and newer
+	NOTE: https://kb.isc.org/article/AA-01085
 CVE-2013-7259
 	RESERVED
 	- neo4j-community <itp> (bug #685615)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-01-17 12:13:42 UTC (rev 25256)
+++ data/dsa-needed.txt	2014-01-17 13:45:53 UTC (rev 25257)
@@ -49,7 +49,7 @@
 --
 libxstream-java
 --
-mediawiki/oldstable (thijs)
+mediawiki (thijs)
 --
 moodle/oldstable
 --

More information about the Secure-testing-commits mailing list