[Secure-testing-commits] r25387 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jan 28 06:09:03 UTC 2014


Author: carnil
Date: 2014-01-28 06:09:03 +0000 (Tue, 28 Jan 2014)
New Revision: 25387

Modified:
   data/CVE/list
Log:
Move all CVE-2014-XXXX and CVE-2013-XXXX entries upwards

NOTE: Do some of them require a CVE request?

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-28 06:00:04 UTC (rev 25386)
+++ data/CVE/list	2014-01-28 06:09:03 UTC (rev 25387)
@@ -1,3 +1,45 @@
+CVE-2014-XXXX [Possible remote code execution on horde3]
+	- horde3 <unfixed>
+CVE-2013-XXXX
+	- mupdf <unfixed>
+	TODO: check
+	NOTE: http://www.hdwsec.fr/blog/mupdf.html
+CVE-2013-XXXX [drop privileges when effective uid != uid]
+	- dash <unfixed> (unimportant; bug #734869)
+	- bash <unfixed> (unimportant; bug #734866)
+	NOTE: Hardening, not a vulnerability
+CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
+	- clamav 0.97.7+dfsg-1
+	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+CVE-2013-XXXX [staden-io-lib buffer overflow]
+	- staden-io-lib <unfixed> (low; bug #729276)
+	[squeeze] - staden-io-lib <no-dsa> (Minor issue)
+	[wheezy] - staden-io-lib <no-dsa> (Minor issue)
+CVE-2013-XXXX [cakephp: local file inclusion]
+	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
+	NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
+	NOTE: http://seclists.org/bugtraq/2013/Aug/97
+CVE-2013-XXXX [automysqlbackup code injection]
+	- automysqlbackup 2.6+debian.3-1 (bug #706099)
+	[squeeze] - automysqlbackup <no-dsa> (Minor issue)
+CVE-2013-XXXX [autopostgresqlbackup code injection]
+	- autopostgresqlbackup 1.0-2 (bug #706095)
+CVE-2013-XXXX [http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0097.html]
+	- libav 6:0.8.6-1 (bug #703200)
+	- ffmpeg <removed>
+	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
+	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
+CVE-2013-XXXX [imagemagick: null pointer dereference]
+	- imagemagick <unfixed> (unimportant; bug #704901)
+CVE-2013-XXXX [buffer overflow in commandline parsing]
+	- swath 0.4.3-3 (low; bug #698189)
+	[squeeze] - swath 0.4.0-4+squeeze1
+CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
+	- nss 2:3.14.1.with.ckbi.1.93-1
+	[wheezy] - nss 2:3.13.6-2
+	[squeeze] - nss 3.12.8-1+squeeze6
+	NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
+	NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
 CVE-2014-1680
 	RESERVED
 CVE-2014-1679
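Review bot: None of the entries added at the top of this hunk records an answer to the log's question of whether a CVE request is needed, so that triage decision stays outside the file. Add a NOTE line per entry once it is decided. The dash/bash entry already implies an answer (`NOTE: Hardening, not a vulnerability`, both packages marked `unimportant`) and could state it explicitly.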
@@ -94,10 +136,6 @@
 	TODO: check
 CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
 	TODO: check
-CVE-2013-XXXX
-	- mupdf <unfixed>
-	TODO: check
-	NOTE: http://www.hdwsec.fr/blog/mupdf.html
 CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
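Review bot: The mupdf entry removed here is the only moved entry with no bracketed description, and it keeps `TODO: check` next to `- mupdf <unfixed>`. Since the entry is being touched anyway, give it a short title like the other unassigned entries and either resolve the TODO or say what remains to be checked.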
@@ -461,8 +499,6 @@
 	TODO: check
 CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
 	TODO: check
-CVE-2014-XXXX [Possible remote code execution on horde3]
-	- horde3 <unfixed>
 CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
 	- xen <unfixed>
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
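Review bot: `CVE-2014-XXXX [Possible remote code execution on horde3]` has neither a bug number nor a NOTE with a reference, unlike every other unassigned entry moved in this commit, so `- horde3 <unfixed>` cannot be traced to a report. Add the bug number or a NOTE with the source before moving it to the top.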
@@ -1160,10 +1196,6 @@
 	RESERVED
 CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance ...)
 	NOT-FOR-US: Amberdms Billing System
-CVE-2013-XXXX [drop privileges when effective uid != uid]
-	- dash <unfixed> (unimportant; bug #734869)
-	- bash <unfixed> (unimportant; bug #734866)
-	NOTE: Hardening, not a vulnerability
 CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a ...)
 	NOT-FOR-US: Conceptronic C54APM access point
 CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the ...)
@@ -4358,9 +4390,6 @@
 	RESERVED
 CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
 	NOT-FOR-US: Elastix
-CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
-	- clamav 0.97.7+dfsg-1
-	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
 CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
 	- amd64-microcode <undetermined>
 	NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1
@@ -4920,10 +4949,6 @@
 CVE-2013-6765
 	RESERVED
 	NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
-CVE-2013-XXXX [staden-io-lib buffer overflow]
-	- staden-io-lib <unfixed> (low; bug #729276)
-	[squeeze] - staden-io-lib <no-dsa> (Minor issue)
-	[wheezy] - staden-io-lib <no-dsa> (Minor issue)
 CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote ...)
 	{DSA-2799-1}
 	- chromium-browser 31.0.1650.57-1
@@ -8653,10 +8678,6 @@
 	RESERVED
 CVE-2013-5111
 	RESERVED
-CVE-2013-XXXX [cakephp: local file inclusion]
-	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
-	NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
-	NOTE: http://seclists.org/bugtraq/2013/Aug/97
 CVE-2013-5110
 	RESERVED
 CVE-2013-5109
@@ -13317,11 +13338,6 @@
 	RESERVED
 CVE-2013-3303
 	RESERVED
-CVE-2013-XXXX [automysqlbackup code injection]
-	- automysqlbackup 2.6+debian.3-1 (bug #706099)
-	[squeeze] - automysqlbackup <no-dsa> (Minor issue)
-CVE-2013-XXXX [autopostgresqlbackup code injection]
-	- autopostgresqlbackup 1.0-2 (bug #706095)
 CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 ...)
 	NOT-FOR-US: Lift Framework
 CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
@@ -13447,11 +13463,6 @@
 	RESERVED
 CVE-2013-3246
 	RESERVED
-CVE-2013-XXXX [http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0097.html]
-	- libav 6:0.8.6-1 (bug #703200)
-	- ffmpeg <removed>
-	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
-	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=e70c5b034c4787377e82cab2d5565486baec0c2a
 CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...)
 	- vlc <unfixed> (unimportant)
 	NOTE: Harmless crasher
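Review bot: The libav/ffmpeg entry removed here uses a bare fulldisclosure URL as its bracketed title, so the list does not say what the issue is. Replace the title with a short description of the flaw and move the URL to a NOTE line, as the two commit references in the same entry already do.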
@@ -14660,8 +14671,6 @@
 CVE-2013-2764
 	RESERVED
 	NOT-FOR-US: Secure Entry Server
-CVE-2013-XXXX [imagemagick: null pointer dereference]
-	- imagemagick <unfixed> (unimportant; bug #704901)
 CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...)
 	NOT-FOR-US: Schneider Electric M340 modules
 CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...)
@@ -19061,9 +19070,6 @@
 	RESERVED
 CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in ...)
 	NOT-FOR-US: uTorrent
-CVE-2013-XXXX [buffer overflow in commandline parsing]
-	- swath 0.4.3-3 (low; bug #698189)
-	[squeeze] - swath 0.4.0-4+squeeze1
 CVE-2013-0243 [Basic constraints vulnerability]
 	RESERVED
 	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
@@ -20820,12 +20826,6 @@
 	[squeeze] - iceape <end-of-life>
 CVE-2013-0743
 	REJECTED
-CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
-	- nss 2:3.14.1.with.ckbi.1.93-1
-	[wheezy] - nss 2:3.13.6-2
-	[squeeze] - nss 3.12.8-1+squeeze6
-	NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
-	NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
 CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote ...)
 	NOT-FOR-US: Corel PDF Fusion
 CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)



