[Secure-testing-commits] r27551 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jul 1 14:41:26 UTC 2014
Author: jmm
Date: 2014-07-01 14:41:26 +0000 (Tue, 01 Jul 2014)
New Revision: 27551
Modified:
data/CVE/list
data/DSA/list
Log:
no-dsa: kfreebsd-8, docvert, ntop, zendframework, checkmk
swift n/a in stable
add missing CVE ID to recent solr DSA
remove mediawiki entry, since only hardening
two kernel issues n/a for squeeze/wheezy
mark additional nagios plugin as unimportant
add various missing <end-of-life> tags for mantis
openswan removed
add eglibc as fixed versions for glibc instead of <removed>,
now that Debian migrated back to glibc
linux, icedove, kwallet fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-01 14:41:20 UTC (rev 27550)
+++ data/CVE/list 2014-07-01 14:41:26 UTC (rev 27551)
@@ -128,8 +128,9 @@
CVE-2014-4608
RESERVED
- linux 3.14.9-1
- - linux-2.6 <removed>
+ - linux-2.6 <removed> (unimportant)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
+ NOTE: Not exploitable with the block sizes used in kernel images
CVE-2014-4607
RESERVED
- lzo <removed>
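Review bot: In the CVE-2014-4608 entry, the new NOTE "Not exploitable with the block sizes used in kernel images" is worded as applying to kernel images in general, yet only the "- linux-2.6 <removed>" line gets (unimportant) while "- linux 3.14.9-1" keeps its default urgency. Either tag both lines the same way or scope the NOTE to say why linux-2.6 differs from linux.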
@@ -334,11 +335,6 @@
NOT-FOR-US: Drupal module Custom Meta
CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...)
NOT-FOR-US: Drupal module Easy Breadcrumb
-CVE-2014-XXXX [mediawiki: unspecified security vulnerability]
- - mediawiki 1:1.19.17+dfsg-1 (bug #752622)
- [wheezy] - mediawiki <no-dsa> (Hardening only)
- NOTE: most likely hardening, watch oss-security if it gets a CVE assigned
- NOTE: http://seclists.org/oss-sec/2014/q2/646
CVE-2014-4617 (The do_uncompress function in g10/compress.c in GnuPG 1.x before ...)
{DSA-2968-1 DSA-2967-1}
- gnupg 1.4.16-1.2 (bug #752497)
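Review bot: Deleting the whole CVE-2014-XXXX mediawiki block also drops the only pointers to bug #752622 and the oss-sec thread, although the removed NOTE itself said to watch oss-security in case a CVE gets assigned. If the conclusion is "hardening only", consider recording that decision in the bug or keeping the reference somewhere searchable, so a later CVE assignment can be matched back to the fixed version 1:1.19.17+dfsg-1.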
@@ -1060,6 +1056,7 @@
NOT-FOR-US: SHOUTcast DNAS
CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...)
- ntop <unfixed> (bug #751946)
+ [wheezy] - ntop <no-dsa> (Minor issue)
CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...)
NOT-FOR-US: AlogoSec FireFlow
CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -1297,6 +1294,8 @@
CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
- fckeditor <unfixed> (bug #752873)
- docvert <removed>
+ [wheezy] - docvert <no-dsa> (Minor issue)
+ [squeeze] - docvert <no-dsa> (Minor issue)
- moin <not-affected> (unused emebdded copy)
- knowledgeroot <not-affected> (unused embedded copy)
CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
@@ -1464,7 +1463,8 @@
NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
CVE-2014-4014 (The capabilities implementation in the Linux kernel before 3.14.8 does ...)
- linux 3.14.7-1
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
+ - linux-2.6 <not-affected> (User namespaces only usable in later kernels)
NOTE: fixing commit https://git.kernel.org/linus/23adbe12ef7d3d4195e80800ab36b37bee28cd03
CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to ...)
- lynis 1.5.5-1 (bug #751083)
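Review bot: The reason "(User namespaces only usable in later kernels)" on the two new CVE-2014-4014 lines names no version, so the not-affected claim cannot be re-checked against a given kernel. Other entries in this same patch state the boundary explicitly ("Only exploitable in 3.12 and later", "Introduced in 3.7"); use the same form here with the first kernel version in which user namespaces are usable.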
@@ -1608,7 +1608,8 @@
NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the ...)
- linux 3.14.7-1 (low)
- - linux-2.6 <removed> (low)
+ [wheezy] - linux <not-affected> (Only exploitable in 3.12 and later)
+ - linux-2.6 <not-affected> (Only exploitable in 3.12 and later)
CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ...)
- sosreport <not-affected> (RedHat-specific issue)
CVE-2014-3920
@@ -1697,6 +1698,8 @@
CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
{DSA-2952-1}
- kfreebsd-8 <removed>
+ [wheezy] - kfreebsd-8 <no-dsa> (Will be fixed in a point update)
+ [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 <unfixed>
- kfreebsd-10 10.0-6
CVE-2014-3879
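Review bot: The CVE-2014-3880 entry carries {DSA-2952-1}, but the added line marks wheezy's kfreebsd-8 as <no-dsa> (Will be fixed in a point update), and nothing in the entry says which package the DSA actually covered. Add a NOTE naming the package fixed by DSA-2952-1 so the DSA reference and the no-dsa tag do not read as contradictory.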
@@ -2509,6 +2512,7 @@
CVE-2014-3497 [XSS in Swift requests through WWW-Authenticate header]
RESERVED
- swift 1.13.1-1 (bug #752087)
+ [wheezy] - swift <not-affected> (Only affects 1.11.0 to 1.13.1)
CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 ...)
NOT-FOR-US: OpenShift Origin
CVE-2014-3495 [improper verification of SSL certificates]
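Review bot: The new reason "(Only affects 1.11.0 to 1.13.1)" for wheezy sits directly under "- swift 1.13.1-1", so the upper bound of the affected range matches the upstream version of the package listed as fixed. A reason stating only the lower bound, in the style of "Introduced in 3.7" used for CVE-2014-1690, would be unambiguous and is all that the wheezy not-affected status depends on.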
@@ -2673,8 +2677,9 @@
NOTE: check_dhcp is not installed with root suid permissions in Debian
NOTE: http://seclists.org/fulldisclosure/2014/Jun/141
CVE-2014-4702 [vulerability in check_icmp]
- - nagios-plugins <unfixed>
+ - nagios-plugins <unfixed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2014/May/74
+ NOTE: check_imcp is not installed with root suid permissions in Debian
CVE-2014-4701 [check_dhcp: arbitray option file read]
- nagios-plugins <unfixed> (unimportant)
NOTE: check_dhcp is not installed with root suid permissions in Debian
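Review bot: The added NOTE for CVE-2014-4702 spells the plugin "check_imcp", while the entry title says check_icmp. Fix the typo so a search for the plugin name finds the justification for the (unimportant) tag: "NOTE: check_icmp is not installed with root suid permissions in Debian".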
@@ -4686,22 +4691,27 @@
CVE-2014-2685 [zendframework ZF2014-02]
RESERVED
- zendframework 1.12.5-0.1 (bug #743175)
+ [wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2684 [zendframework ZF2014-02]
RESERVED
- zendframework 1.12.5-0.1 (bug #743175)
+ [wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2683 [zendframework ZF2014-01]
RESERVED
- zendframework 1.12.5-0.1 (bug #743175)
+ [wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2682 [zendframework ZF2014-01]
RESERVED
- zendframework 1.12.5-0.1 (bug #743175)
+ [wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 [zendframework ZF2014-01]
RESERVED
- zendframework 1.12.5-0.1 (bug #743175)
+ [wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel ...)
- linux 3.13.10-1
@@ -5564,18 +5574,22 @@
CVE-2014-2332
RESERVED
- check-mk <unfixed> (bug #742689)
+ [wheezy] - check-mk <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2331
RESERVED
- check-mk <unfixed> (bug #742689)
+ [wheezy] - check-mk <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2330
RESERVED
- check-mk <unfixed> (bug #742689)
+ [wheezy] - check-mk <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2329
RESERVED
- check-mk <unfixed> (bug #742689)
+ [wheezy] - check-mk <no-dsa> (Minor issue)
NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows ...)
{DSA-2970-1}
@@ -6158,7 +6172,7 @@
NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
CVE-2014-2238 (SQL injection vulnerability in the manage configuration page ...)
- mantis <removed>
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
CVE-2014-2237 (The memcache token backend in OpenStack Identity (Keystone) 2013.1 ...)
- keystone 2013.2.3-1
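Review bot: The CVE-2014-2238 entry (SQL injection in mantis) now has a [squeeze] line but still no [wheezy] line, whereas the other mantis entries touched in this patch, such as CVE-2013-4460, carry "[wheezy] - mantis <no-dsa> (Minor issue)". Since the unstable line is "- mantis <removed>", wheezy's status is otherwise undetermined here; add an explicit [wheezy] line with the assessed state.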
@@ -7421,7 +7435,7 @@
NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required
CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel ...)
- - linux <unfixed>
+ - linux 3.12.8-1
[wheezy] - linux <not-affected> (Introduced in 3.7)
- linux-2.6 <not-affected> (Introduced in 3.7)
NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
@@ -7746,7 +7760,7 @@
{DSA-2962-1 DSA-2960-1 DSA-2955-1}
- nspr 2:4.10.6-1
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
NOTE: Only the Wheezy builds use the bundled nspr
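Review bot: The icedove line here, and in each of the following icedove hunks, replaces <unfixed> with 31.0~b1-1, which by its version string is a beta upload. Please confirm that this version is the one in unstable; if it went elsewhere, the suite-less line should stay <unfixed> until a fixed version reaches unstable.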
@@ -7757,7 +7771,7 @@
- icedove <not-affected> (Only affects Windows 8)
CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in ...)
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
@@ -7765,12 +7779,12 @@
CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver ...)
{DSA-2960-1 DSA-2955-1}
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1540 (Use-after-free vulnerability in the ...)
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
@@ -7781,19 +7795,19 @@
CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR ...)
{DSA-2960-1 DSA-2955-1}
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1537 (Use-after-free vulnerability in the ...)
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
[squeeze] - icedove <end-of-life>
CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla ...)
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
@@ -7802,7 +7816,7 @@
RESERVED
CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
@@ -7810,7 +7824,7 @@
CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2960-1 DSA-2955-1}
- iceweasel 30.0-1
- - icedove <unfixed>
+ - icedove 31.0~b1-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1532 (Use-after-free vulnerability in the ...)
@@ -9785,7 +9799,7 @@
RESERVED
CVE-2013-7252 [kwallet crypto misuse]
RESERVED
- - kde-runtime <unfixed>
+ - kde-runtime 4:4.12.2-1
[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
- kdebase-runtime <removed>
[squeeze] - kdebase-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
@@ -13544,7 +13558,7 @@
NOT-FOR-US: Libreswan
CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial ...)
{DSA-2893-1}
- - openswan <unfixed> (bug #737406)
+ - openswan <removed> (bug #737406)
NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6465
RESERVED
@@ -18681,7 +18695,7 @@
NOT-FOR-US: Cumin
CVE-2013-4460 (Cross-site scripting (XSS) vulnerability in account_sponsor_page.php ...)
- mantis <removed> (low; bug #727180)
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - mantis <no-dsa> (Minor issue)
NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
@@ -25105,7 +25119,7 @@
NOTE: http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when ...)
{DSA-2893-1}
- - openswan <unfixed> (low; bug #709144)
+ - openswan <removed> (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when ...)
NOT-FOR-US: libreswan not in Debian
NOTE: pseudo-RFP bug: #700030
@@ -25497,7 +25511,7 @@
RESERVED
- mantis <removed> (low; bug #717482)
[wheezy] - mantis <no-dsa> (Minor issue)
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page]
@@ -25919,7 +25933,7 @@
RESERVED
- mantis <removed> (low; bug #698481)
[wheezy] - mantis <no-dsa> (Minor issue)
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- mantis <not-affected> (only affects MantisBT 1.2.12)
CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
@@ -33525,11 +33539,11 @@
[squeeze] - gajim <no-dsa> (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
- mantis 1.2.11-1.2 (bug #693283)
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during ...)
- mantis 1.2.11-1.2 (bug #693283)
- [squeeze] - mantis <no-dsa> (Minor issue)
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521
RESERVED
@@ -39062,7 +39076,7 @@
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
- eglibc 2.13-36 (bug #684889)
[squeeze] - eglibc <no-dsa> (Minor issue)
- - glibc <removed>
+ - glibc 2.13-36
CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically ...)
{DSA-2603-1}
- emacs23 23.4+1-4 (bug #684695)
@@ -57885,7 +57899,7 @@
CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
- eglibc 2.13-8
[squeeze] - eglibc 2.11.3-2
- - glibc <removed>
+ - glibc 2.13-8
[lenny] - glibc <no-dsa> (Minor issue)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
@@ -59631,7 +59645,7 @@
CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services ...)
NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
- - glibc <removed>
+ - glibc 2.13-16
[lenny] - glibc <no-dsa> (Minor issue)
- eglibc 2.13-16
[squeeze] - eglibc 2.11.3-2
@@ -59660,7 +59674,7 @@
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...)
- - glibc <removed>
+ - glibc 2.13-8
- eglibc 2.13-8
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2011/q1/368
@@ -59715,7 +59729,7 @@
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
- cron <not-affected> (Debian's cron not affected)
CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ...)
- - glibc <removed>
+ - glibc 2.11.2-12
- eglibc 2.11.2-12 (bug #615120)
[squeeze] - eglibc 2.11.3-2
CVE-2011-1070
@@ -63188,7 +63202,7 @@
CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 ...)
- eglibc 2.13-24 (low; bug #656108)
[squeeze] - eglibc 2.11.3-3
- - glibc <removed>
+ - glibc 2.13-24
NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=735850
NOTE: Pending for 6.0.5 spu update
@@ -65008,7 +65022,7 @@
NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
{DSA-2122-2 DSA-2122-1}
- - glibc <removed>
+ - glibc 2.11.2-8
- eglibc 2.11.2-8 (bug #600667)
CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...)
{DSA-2155-1}
@@ -65036,7 +65050,7 @@
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
{DSA-2122-2 DSA-2122-1}
- eglibc 2.11.2-8 (bug #600667)
- - glibc <removed>
+ - glibc 2.11.2-8
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...)
- cvs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
@@ -69830,12 +69844,12 @@
CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...)
{DSA-2058-1}
- eglibc 2.10.1-1 (unimportant)
- - glibc <removed>
+ - glibc 2.11.1-1 (unimportant)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f
CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C ...)
{DSA-2058-1}
- eglibc 2.11.1-1 (unimportant)
- - glibc <removed>
+ - glibc 2.11.1-1 (unimportant)
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 ...)
NOT-FOR-US: McAfee Email Gateway
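Review bot: In CVE-2009-4881 the new line is "- glibc 2.11.1-1 (unimportant)" while the eglibc line directly above it says "- eglibc 2.10.1-1 (unimportant)". The log states that the eglibc fixed versions are being copied to glibc, and every other glibc hunk in this patch matches its eglibc version, so this looks like a copy from the CVE-2009-4880 entry below; either use 2.10.1-1 here or correct the eglibc line if 2.11.1-1 is right.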
@@ -73751,7 +73765,7 @@
[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...)
{DSA-2058-1}
- - glibc <removed>
+ - glibc 2.11-1
- eglibc 2.11-1
NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...)
@@ -75382,7 +75396,7 @@
[lenny] - kvm <no-dsa> (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka ...)
{DSA-2058-1}
- - glibc <removed> (bug #583908)
+ - glibc 2.11-1 (bug #583908)
- eglibc 2.11-1
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
@@ -76841,7 +76855,7 @@
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
{DSA-1973-1}
- eglibc 2.10.2-4 (medium; bug #560333)
- - glibc <removed> (medium)
+ - glibc 2.10.2-4 (medium)
CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...)
- sssd 1.0.5-1
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...)
@@ -102568,7 +102582,7 @@
{DSA-2058-1}
- kfreebsd-6 <not-affected> (see bug #483152)
- kfreebsd-7 <not-affected> (see bug #483152)
- - glibc <removed> (low)
+ - glibc 2.11-1 (low)
- eglibc 2.11-1 (low)
[lenny] - glibc <no-dsa> (minor issue)
NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2014-07-01 14:41:20 UTC (rev 27550)
+++ data/DSA/list 2014-07-01 14:41:26 UTC (rev 27551)
@@ -20,7 +20,7 @@
{CVE-2014-4168}
[wheezy] - iodine 0.6.0~rc1-12+deb7u1
[17 Jun 2014] DSA-2963-1 lucene-solr - security update
- {CVE-2013-6397 CVE-2013-6407 CVE-2013-6408}
+ {CVE-2012-6612 CVE-2013-6397 CVE-2013-6407 CVE-2013-6408}
[wheezy] - lucene-solr 3.6.0+dfsg-1+deb7u1
[17 Jun 2014] DSA-2962-1 nspr - security update
{CVE-2014-1545}
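Review bot: CVE-2012-6612 is added to the DSA-2963-1 list here, but this revision contains no matching hunk for CVE-2012-6612 in data/CVE/list. Check that the CVE entry picks up the {DSA-2963-1} cross-reference and that its lucene-solr status agrees with the wheezy fixed version 3.6.0+dfsg-1+deb7u1 given in the DSA.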