[Secure-testing-commits] r25403 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jan 29 07:45:03 UTC 2014


Author: jmm
Date: 2014-01-29 07:45:03 +0000 (Wed, 29 Jan 2014)
New Revision: 25403

Modified:
   data/CVE/list
Log:
nf_irc issue doesn't affect stable/oldstable
remove imagemagick entry, plain bug
remove turktrust entry, these incidents don't receive a CVE
add some bug numbers


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-29 07:01:00 UTC (rev 25402)
+++ data/CVE/list	2014-01-29 07:45:03 UTC (rev 25403)
@@ -4,14 +4,15 @@
 	- ruby-passenger <unfixed> (bug #736958)
 CVE-2013-XXXX
 	- suphp <unfixed> (bug #736969)
+	NOTE: Should be removed from the archive (dead upstream / orphaned)
 CVE-2013-XXXX
 	- mupdf <unfixed>
 	TODO: check
-	NOTE: http://www.hdwsec.fr/blog/mupdf.html
+	NOTE: http://www.hdwsec.fr/blog/mupdf.html , needs a CVE assignment
 CVE-2013-XXXX [drop privileges when effective uid != uid]
 	- dash <unfixed> (unimportant; bug #734869)
 	- bash <unfixed> (unimportant; bug #734866)
-	NOTE: Hardening, not a vulnerability
+	NOTE: Hardening, not a vulnerability, no CVE needed
 CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
 	- clamav 0.97.7+dfsg-1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
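
Review bot: On the mupdf entry, the new status text is appended to the URL line with a stray space before the comma ("mupdf.html , needs a CVE assignment"), while the cakephp entry in the next hunk writes the same remark with the comma attached to the URL. Put "needs a CVE assignment" on its own NOTE line in both places so the URL stays clean for anything that extracts links from NOTE lines. The mupdf entry also still carries "TODO: check" after this triage, and the suphp removal note has no bug number for the removal request. None of these NOTE changes are mentioned in the commit log.
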
@@ -22,32 +23,24 @@
 CVE-2013-XXXX [cakephp: local file inclusion]
 	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
 	NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
-	NOTE: http://seclists.org/bugtraq/2013/Aug/97
+	NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
 CVE-2013-XXXX [automysqlbackup code injection]
 	- automysqlbackup 2.6+debian.3-1 (bug #706099)
 	[squeeze] - automysqlbackup <no-dsa> (Minor issue)
 CVE-2013-XXXX [autopostgresqlbackup code injection]
 	- autopostgresqlbackup 1.0-2 (bug #706095)
-CVE-2013-XXXX [imagemagick: null pointer dereference]
-	- imagemagick <unfixed> (unimportant; bug #704901)
 CVE-2013-XXXX [buffer overflow in commandline parsing]
 	- swath 0.4.3-3 (low; bug #698189)
 	[squeeze] - swath 0.4.0-4+squeeze1
-CVE-2013-XXXX [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
-	- nss 2:3.14.1.with.ckbi.1.93-1
-	[wheezy] - nss 2:3.13.6-2
-	[squeeze] - nss 3.12.8-1+squeeze6
-	NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
-	NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
 CVE-2014-1691 [Possible remote code execution on horde3]
 	- horde3 <unfixed>
 	- php-horde-util 2.3.0-1
 	NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
 CVE-2014-1690
 	- linux <unfixed>
-	- linux-2.6 <removed>
+	[wheezy] - linux <not-affected> (Introduced in 3.7)
+	- linux-2.6 <not-affected> (Introduced in 3.7)
 	NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
-	TODO: check
 CVE-2014-1680
 	RESERVED
 CVE-2014-1679
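
Review bot: In the CVE-2014-1690 entry, the "(Introduced in 3.7)" rationale on the new [wheezy] and linux-2.6 lines has no supporting reference; the only NOTE left is the git.kernel.org commit link, and "TODO: check" is dropped in the same change. Add a NOTE naming the commit or version that introduced the affected code so the not-affected status can be re-verified later. In the cakephp entry, "Aug/97, needs a CVE assignment" leaves the comma attached to the URL; a separate NOTE line would avoid that. The two removed entries take bug #704901 and the nss fixed versions out of the list; the log gives the reason for each, which is sufficient.
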
@@ -6557,11 +6550,10 @@
 CVE-2013-5988
 	RESERVED
 CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
-	- nvidia-graphics-drivers 319.72-1
+	- nvidia-graphics-drivers 319.72-1 (bug #735271)
 	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
-	TODO: check
 	- nvidia-graphics-drivers 319.72-1
 	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
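
Review bot: CVE-2013-5987 gains "(bug #735271)" but CVE-2013-5986, which has the same description text and the same fixed version 319.72-1, gets no bug number even though its "TODO: check" is removed here. If bug #735271 covers both issues, add it to the CVE-2013-5986 line as well; if it does not, a short NOTE saying so would explain the difference between the two entries.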



