[Secure-testing-commits] r25387 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 28 06:09:03 UTC 2014
Author: carnil
Date: 2014-01-28 06:09:03 +0000 (Tue, 28 Jan 2014)
New Revision: 25387
Modified:
data/CVE/list
Log:
Move all CVE-2014-XXXX and CVE-2013-XXXX entries upwards
NOTE: Do some of them require a CVE request?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-28 06:00:04 UTC (rev 25386)
+++ data/CVE/list 2014-01-28 06:09:03 UTC (rev 25387)
@@ -1,3 +1,45 @@
+CVE-2014-XXXX [Possible remote code execution on horde3]
+ - horde3 <unfixed>
+CVE-2013-XXXX
+ - mupdf <unfixed>
+ TODO: check
+ NOTE: http://www.hdwsec.fr/blog/mupdf.html
+CVE-2013-XXXX [drop privileges when effective uid != uid]
+ - dash <unfixed> (unimportant; bug #734869)
+ - bash <unfixed> (unimportant; bug #734866)
+ NOTE: Hardening, not a vulnerability
+CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
+ - clamav 0.97.7+dfsg-1
+ NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+CVE-2013-XXXX [staden-io-lib buffer overflow]
+ - staden-io-lib <unfixed> (low; bug #729276)
+ [squeeze] - staden-io-lib <no-dsa> (Minor issue)
+ [wheezy] - staden-io-lib <no-dsa> (Minor issue)
+CVE-2013-XXXX [cakephp: local file inclusion]
+ - cakephp <not-affected> (AssetDispatcher not present in 1.3)
+ NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
+ NOTE: http://seclists.org/bugtraq/2013/Aug/97
+CVE-2013-XXXX [automysqlbackup code injection]
+ - automysqlbackup 2.6+debian.3-1 (bug #706099)
+ [squeeze] - automysqlbackup <no-dsa> (Minor issue)
+CVE-2013-XXXX [autopostgresqlbackup code injection]
+ - autopostgresqlbackup 1.0-2 (bug #706095)
+CVE-2013-XXXX [http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0097.html]
+ - libav 6:0.8.6-1 (bug #703200)
+ - ffmpeg <removed>
+ NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
+ NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
+CVE-2013-XXXX [imagemagick: null pointer dereference]
+ - imagemagick <unfixed> (unimportant; bug #704901)
+CVE-2013-XXXX [buffer overflow in commandline parsing]
+ - swath 0.4.3-3 (low; bug #698189)
+ [squeeze] - swath 0.4.0-4+squeeze1
+CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
+ - nss 2:3.14.1.with.ckbi.1.93-1
+ [wheezy] - nss 2:3.13.6-2
+ [squeeze] - nss 3.12.8-1+squeeze6
+ NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
+ NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2014-1680
RESERVED
CVE-2014-1679
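Review bot: the horde3 entry at the top of this hunk has neither a bug number nor a NOTE line, so "Possible remote code execution" cannot be traced to any source; every other entry moved in this block carries at least a bug reference or a URL. Suggest adding a `NOTE:` with the report or a `(bug #...)` qualifier under `- horde3 <unfixed>` before it is left in the unassigned group. On the question in the log, the entries marked `<not-affected>` (cakephp) and `Hardening, not a vulnerability` (dash/bash) are the ones that plainly do not need a CVE request; the remaining entries, which record fixed versions or open bugs, are the candidates for one.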
@@ -94,10 +136,6 @@
TODO: check
CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
TODO: check
-CVE-2013-XXXX
- - mupdf <unfixed>
- TODO: check
- NOTE: http://www.hdwsec.fr/blog/mupdf.html
CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code not present)
@@ -461,8 +499,6 @@
TODO: check
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
TODO: check
-CVE-2014-XXXX [Possible remote code execution on horde3]
- - horde3 <unfixed>
CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
@@ -1160,10 +1196,6 @@
RESERVED
CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance ...)
NOT-FOR-US: Amberdms Billing System
-CVE-2013-XXXX [drop privileges when effective uid != uid]
- - dash <unfixed> (unimportant; bug #734869)
- - bash <unfixed> (unimportant; bug #734866)
- NOTE: Hardening, not a vulnerability
CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a ...)
NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the ...)
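Review bot: the dash/bash entry removed here is tagged unimportant with `NOTE: Hardening, not a vulnerability`, which already answers the log's question for this item: no CVE request is needed. A hardening change with no vulnerability arguably does not belong under a `CVE-2013-XXXX` placeholder at all; if it is kept for tracking, consider leaving it where it was rather than moving it into the block of entries awaiting CVE assignment, so that block stays a list of things that actually need IDs.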
@@ -4358,9 +4390,6 @@
RESERVED
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
NOT-FOR-US: Elastix
-CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
- - clamav 0.97.7+dfsg-1
- NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
- amd64-microcode <undetermined>
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1
@@ -4920,10 +4949,6 @@
CVE-2013-6765
RESERVED
NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
-CVE-2013-XXXX [staden-io-lib buffer overflow]
- - staden-io-lib <unfixed> (low; bug #729276)
- [squeeze] - staden-io-lib <no-dsa> (Minor issue)
- [wheezy] - staden-io-lib <no-dsa> (Minor issue)
CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote ...)
{DSA-2799-1}
- chromium-browser 31.0.1650.57-1
@@ -8653,10 +8678,6 @@
RESERVED
CVE-2013-5111
RESERVED
-CVE-2013-XXXX [cakephp: local file inclusion]
- - cakephp <not-affected> (AssetDispatcher not present in 1.3)
- NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
- NOTE: http://seclists.org/bugtraq/2013/Aug/97
CVE-2013-5110
RESERVED
CVE-2013-5109
@@ -13317,11 +13338,6 @@
RESERVED
CVE-2013-3303
RESERVED
-CVE-2013-XXXX [automysqlbackup code injection]
- - automysqlbackup 2.6+debian.3-1 (bug #706099)
- [squeeze] - automysqlbackup <no-dsa> (Minor issue)
-CVE-2013-XXXX [autopostgresqlbackup code injection]
- - autopostgresqlbackup 1.0-2 (bug #706095)
CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 ...)
NOT-FOR-US: Lift Framework
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
@@ -13447,11 +13463,6 @@
RESERVED
CVE-2013-3246
RESERVED
-CVE-2013-XXXX [http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0097.html]
- - libav 6:0.8.6-1 (bug #703200)
- - ffmpeg <removed>
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
- NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...)
- vlc <unfixed> (unimportant)
NOTE: Harmless crasher
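Review bot: the libav entry removed here uses a URL as its bracketed description, whereas every other entry uses a short title; suggest a title naming the component (libav/ffmpeg) in the brackets and moving the fulldisclosure URL to a `NOTE:` line so the list stays greppable by package. Also, the ffmpeg and libav NOTE lines point at the same commit hash e70c5b034c4787377e82cab2d5565486baec0c2a in two different repositories; worth confirming both links resolve, since the fix may have landed under a different hash in one of the two trees.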
@@ -14660,8 +14671,6 @@
CVE-2013-2764
RESERVED
NOT-FOR-US: Secure Entry Server
-CVE-2013-XXXX [imagemagick: null pointer dereference]
- - imagemagick <unfixed> (unimportant; bug #704901)
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...)
NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...)
@@ -19061,9 +19070,6 @@
RESERVED
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in ...)
NOT-FOR-US: uTorrent
-CVE-2013-XXXX [buffer overflow in commandline parsing]
- - swath 0.4.3-3 (low; bug #698189)
- [squeeze] - swath 0.4.0-4+squeeze1
CVE-2013-0243 [Basic constraints vulnerability]
RESERVED
- haskell-tls-extra 0.4.6.1-1 (bug #698545)
@@ -20820,12 +20826,6 @@
[squeeze] - iceape <end-of-life>
CVE-2013-0743
REJECTED
-CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
- - nss 2:3.14.1.with.ckbi.1.93-1
- [wheezy] - nss 2:3.13.6-2
- [squeeze] - nss 3.12.8-1+squeeze6
- NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
- NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote ...)
NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)