[Secure-testing-commits] r27566 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Jul 2 17:20:07 UTC 2014


Author: jmm
Date: 2014-07-02 17:20:07 +0000 (Wed, 02 Jul 2014)
New Revision: 27566

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
vlc no-dsa
spring no-dsa
take vlc DSA
graphicsmagick unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-02 16:15:01 UTC (rev 27565)
+++ data/CVE/list	2014-07-02 17:20:07 UTC (rev 27566)
@@ -6725,8 +6725,9 @@
 	{DSA-2898-1}
 	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
 	NOTE: http://trac.imagemagick.org/changeset/13736
-	- graphicsmagick <unfixed>
+	- graphicsmagick <unfixed> (unimportant)
 	NOTE: for graphicsmagick: https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c13
+	NOTE: Rendered non-exploitable by fortified source for graphicsmagick
 CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause ...)
 	{DSA-2868-1 DSA-2861-1}
 	- file 1:5.17-0.1 (bug #738832)
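Review bot: The added NOTE on the graphicsmagick entry justifies the (unimportant) tag with fortified source but does not say which package builds that holds for. The tag sits on the unqualified "- graphicsmagick <unfixed>" line, so it applies to every release; the NOTE should state which versions are built with fortified source, or the tag should be limited to those releases. If the Red Hat bug comment linked on the line above already carries the analysis, saying so in the NOTE would make the reasoning checkable.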
@@ -11423,6 +11424,7 @@
 	[wheezy] - liblivemedia <no-dsa> (Minor issue)
 	[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
 	- vlc 2.1.2-2+b1
+	[wheezy] - vlc <no-dsa> (Minor issue)
 	[squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
 	- mplayer <removed> (low)
 	[wheezy] - mplayer <no-dsa> (Minor issue)
@@ -11693,7 +11695,9 @@
 	RESERVED
 CVE-2014-0225 [Information disclosure via SSRF]
 	RESERVED
-	- libspring-java <unfixed> (bug #753470)
+	- libspring-java <unfixed> (low; bug #753470)
+	[squeeze] - libspring-java <no-dsa> (Minor issue)
+	[wheezy] - libspring-java <no-dsa> (Minor issue)
 CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h ...)
 	{DSA-2950-1}
 	- openssl 1.0.1h-1 (bug #750665)
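Review bot: The two new "<no-dsa> (Minor issue)" lines for libspring-java give no reason why an issue titled "Information disclosure via SSRF" is minor, and the entry is still RESERVED with no NOTE pointing at an advisory or upstream fix. A one-line NOTE with the rationale or a reference, placed under the [wheezy] line, would let a later reader verify the "low" rating added in the same hunk.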
@@ -25826,6 +25830,7 @@
 	- vlc 2.0.5-1
 	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://www.videolan.org/security/sa1301.html
+	NOTE: The freetype issue is a harmless NULL deref and won't be fixed
 CVE-2013-1867
 	RESERVED
 CVE-2013-1866
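Review bot: The new NOTE says "The freetype issue", but nothing else in the visible entry mentions freetype, so a reader cannot tell which part of the sa1301 advisory it means or whether the "- vlc 2.0.5-1" fixed version covers the rest. It also leaves open who "won't be fixed" refers to (upstream or the Debian package); naming both would make the NOTE self-contained.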

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-07-02 16:15:01 UTC (rev 27565)
+++ data/dsa-needed.txt	2014-07-02 17:20:07 UTC (rev 27566)
@@ -53,7 +53,7 @@
 --
 ruby-actionpack-2.3
 --
-vlc
+vlc (jmm)
 --
 xen
 --
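Review bot: "vlc (jmm)" records who took the DSA but not which issues it is meant to cover, and the same commit marks one vlc issue "[wheezy] - vlc <no-dsa> (Minor issue)" in data/CVE/list. A short note under the entry listing the CVE ids in scope would keep the two from being confused.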



