[Secure-testing-commits] r25403 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jan 29 07:45:03 UTC 2014
Author: jmm
Date: 2014-01-29 07:45:03 +0000 (Wed, 29 Jan 2014)
New Revision: 25403
Modified:
data/CVE/list
Log:
nf_irc issue doesn't affect stable/oldstable
remove imagemagick entry, plain bug
remove turktrust entry, these incidents don't receive a CVE
add some bug numbers
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-29 07:01:00 UTC (rev 25402)
+++ data/CVE/list 2014-01-29 07:45:03 UTC (rev 25403)
@@ -4,14 +4,15 @@
- ruby-passenger <unfixed> (bug #736958)
CVE-2013-XXXX
- suphp <unfixed> (bug #736969)
+ NOTE: Should be removed from the archive (dead upstream / orphaned)
CVE-2013-XXXX
- mupdf <unfixed>
TODO: check
- NOTE: http://www.hdwsec.fr/blog/mupdf.html
+ NOTE: http://www.hdwsec.fr/blog/mupdf.html , needs a CVE assignment
CVE-2013-XXXX [drop privileges when effective uid != uid]
- dash <unfixed> (unimportant; bug #734869)
- bash <unfixed> (unimportant; bug #734866)
- NOTE: Hardening, not a vulnerability
+ NOTE: Hardening, not a vulnerability, no CVE needed
CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
- clamav 0.97.7+dfsg-1
NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
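Review bot: in the mupdf entry, the reworded NOTE appends the status to the URL line ("mupdf.html , needs a CVE assignment"), so the reference and the triage remark share one line and the URL is followed by a stray space and comma. Put the remark on its own line, "NOTE: needs a CVE assignment", and leave the URL NOTE untouched. The entry also still carries "TODO: check", which is worth dropping if the only open item is the CVE request. The new suphp NOTE says the package should be removed from the archive but cites no removal bug; add the bug number once one exists so the status can be followed.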
@@ -22,32 +23,24 @@
CVE-2013-XXXX [cakephp: local file inclusion]
- cakephp <not-affected> (AssetDispatcher not present in 1.3)
NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
- NOTE: http://seclists.org/bugtraq/2013/Aug/97
+ NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
CVE-2013-XXXX [automysqlbackup code injection]
- automysqlbackup 2.6+debian.3-1 (bug #706099)
[squeeze] - automysqlbackup <no-dsa> (Minor issue)
CVE-2013-XXXX [autopostgresqlbackup code injection]
- autopostgresqlbackup 1.0-2 (bug #706095)
-CVE-2013-XXXX [imagemagick: null pointer dereference]
- - imagemagick <unfixed> (unimportant; bug #704901)
CVE-2013-XXXX [buffer overflow in commandline parsing]
- swath 0.4.3-3 (low; bug #698189)
[squeeze] - swath 0.4.0-4+squeeze1
-CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
- - nss 2:3.14.1.with.ckbi.1.93-1
- [wheezy] - nss 2:3.13.6-2
- [squeeze] - nss 3.12.8-1+squeeze6
- NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
- NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2014-1691 [Possible remote code execution on horde3]
- horde3 <unfixed>
- php-horde-util 2.3.0-1
NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
CVE-2014-1690
- linux <unfixed>
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (Introduced in 3.7)
+ - linux-2.6 <not-affected> (Introduced in 3.7)
NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
- TODO: check
CVE-2014-1680
RESERVED
CVE-2014-1679
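Review bot: under CVE-2014-1690, both new not-affected lines rest on "(Introduced in 3.7)", but the only reference in the entry is the fix commit, and "TODO: check" is removed in the same change. Add a NOTE naming the commit or version that introduced the code, so the wheezy and linux-2.6 status can be verified from the entry itself. In the cakephp entry, "Aug/97, needs a CVE assignment" attaches the comma directly to the URL; a separate NOTE line for the remark keeps the link clean. The imagemagick and TURKTRUST removals are explained only in the commit log, which is acceptable, but the nss removal also drops the fixed versions recorded for wheezy and squeeze.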
@@ -6557,11 +6550,10 @@
CVE-2013-5988
RESERVED
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
- - nvidia-graphics-drivers 319.72-1
+ - nvidia-graphics-drivers 319.72-1 (bug #735271)
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
- TODO: check
- nvidia-graphics-drivers 319.72-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
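Review bot: the bug reference is added only to the CVE-2013-5987 line ("nvidia-graphics-drivers 319.72-1 (bug #735271)"), while CVE-2013-5986 lists the same package and the same fixed version with no bug number, even though its "TODO: check" is removed here. If bug #735271 covers both CVEs, add it to the CVE-2013-5986 line as well. Otherwise the two entries look inconsistently triaged.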