[Secure-testing-commits] r25431 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 31 05:22:53 UTC 2014
Author: carnil
Date: 2014-01-31 05:22:52 +0000 (Fri, 31 Jan 2014)
New Revision: 25431
Modified:
data/CVE/list
Log:
Add temporary item for devscripts, CVE is requested
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-30 21:14:18 UTC (rev 25430)
+++ data/CVE/list 2014-01-31 05:22:52 UTC (rev 25431)
@@ -1,3 +1,49 @@
+CVE-2014-XXXX
+ - devscripts <unfixed> (bug #737160)
+CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
+ - python2.5 <removed> (low)
+ - python2.6 <removed> (low)
+ - python2.7 <unfixed> (low)
+ - python3.1 <removed> (low)
+ - python3.2 <removed> (low)
+ - python3.3 <unfixed> (low)
+ - python3.4 <unfixed> (low)
+ TODO: check
+ NOTE: http://bugs.python.org/issue20078
+CVE-2014-XXXX [no input validation for search function]
+ - fookebox <unfixed> (bug #736821)
+CVE-2014-XXXX [insecure use of /tmp]
+ - ruby-passenger <unfixed> (bug #736958)
+CVE-2013-XXXX
+ - suphp <unfixed> (bug #736969)
+ NOTE: Should be removed from the archive (dead upstream / orphaned)
+CVE-2013-XXXX
+ - mupdf <unfixed>
+ TODO: check
+ NOTE: http://www.hdwsec.fr/blog/mupdf.html , needs a CVE assignment
+CVE-2013-XXXX [drop privileges when effective uid != uid]
+ - dash <unfixed> (unimportant; bug #734869)
+ - bash <unfixed> (unimportant; bug #734866)
+ NOTE: Hardening, not a vulnerability, no CVE needed
+CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
+ - clamav 0.97.7+dfsg-1
+ NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+CVE-2013-XXXX [staden-io-lib buffer overflow]
+ - staden-io-lib 1.13.3-2 (low; bug #729276)
+ [squeeze] - staden-io-lib <no-dsa> (Minor issue)
+ [wheezy] - staden-io-lib <no-dsa> (Minor issue)
+CVE-2013-XXXX [cakephp: local file inclusion]
+ - cakephp <not-affected> (AssetDispatcher not present in 1.3)
+ NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
+ NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
+CVE-2013-XXXX [automysqlbackup code injection]
+ - automysqlbackup 2.6+debian.3-1 (bug #706099)
+ [squeeze] - automysqlbackup <no-dsa> (Minor issue)
+CVE-2013-XXXX [autopostgresqlbackup code injection]
+ - autopostgresqlbackup 1.0-2 (bug #706095)
+CVE-2013-XXXX [buffer overflow in commandline parsing]
+ - swath 0.4.3-3 (low; bug #698189)
+ [squeeze] - swath 0.4.0-4+squeeze1
CVE-2014-1828
RESERVED
CVE-2014-1827
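Review bot: The new devscripts entry at the top of this hunk has no bracketed description, so the only pointer to what the issue is sits behind bug #737160, while most of the other temporary items here (fookebox, ruby-passenger, swath) carry a short summary. Consider adding a one-line `[...]` description, and a NOTE that a CVE has been requested, since that status is currently recorded only in the log message.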
@@ -266,50 +312,6 @@
RESERVED
CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...)
TODO: check
-CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
- - python2.5 <removed> (low)
- - python2.6 <removed> (low)
- - python2.7 <unfixed> (low)
- - python3.1 <removed> (low)
- - python3.2 <removed> (low)
- - python3.3 <unfixed> (low)
- - python3.4 <unfixed> (low)
- TODO: check
- NOTE: http://bugs.python.org/issue20078
-CVE-2014-XXXX [no input validation for search function]
- - fookebox <unfixed> (bug #736821)
-CVE-2014-XXXX [insecure use of /tmp]
- - ruby-passenger <unfixed> (bug #736958)
-CVE-2013-XXXX
- - suphp <unfixed> (bug #736969)
- NOTE: Should be removed from the archive (dead upstream / orphaned)
-CVE-2013-XXXX
- - mupdf <unfixed>
- TODO: check
- NOTE: http://www.hdwsec.fr/blog/mupdf.html , needs a CVE assignment
-CVE-2013-XXXX [drop privileges when effective uid != uid]
- - dash <unfixed> (unimportant; bug #734869)
- - bash <unfixed> (unimportant; bug #734866)
- NOTE: Hardening, not a vulnerability, no CVE needed
-CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
- - clamav 0.97.7+dfsg-1
- NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
-CVE-2013-XXXX [staden-io-lib buffer overflow]
- - staden-io-lib 1.13.3-2 (low; bug #729276)
- [squeeze] - staden-io-lib <no-dsa> (Minor issue)
- [wheezy] - staden-io-lib <no-dsa> (Minor issue)
-CVE-2013-XXXX [cakephp: local file inclusion]
- - cakephp <not-affected> (AssetDispatcher not present in 1.3)
- NOTE: http://bakery.cakephp.org/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
- NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
-CVE-2013-XXXX [automysqlbackup code injection]
- - automysqlbackup 2.6+debian.3-1 (bug #706099)
- [squeeze] - automysqlbackup <no-dsa> (Minor issue)
-CVE-2013-XXXX [autopostgresqlbackup code injection]
- - autopostgresqlbackup 1.0-2 (bug #706095)
-CVE-2013-XXXX [buffer overflow in commandline parsing]
- - swath 0.4.3-3 (low; bug #698189)
- [squeeze] - swath 0.4.0-4+squeeze1
CVE-2014-1750
RESERVED
NOT-FOR-US: WordPress plugin nokia-mapsplaces
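Review bot: The 44 lines removed here, from the python zipfile item through the swath item, are the same entries re-added at the top of the file in the first hunk, so this is a relocation of the temporary block rather than a removal, but the log message only mentions the devscripts item. Mention the move in the log so the deletion is not read as dropped entries. The `TODO: check` lines on the python and mupdf items are carried over unchanged and are still open.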