[Secure-testing-commits] r27601 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jul 4 06:05:57 UTC 2014
Author: jmm
Date: 2014-07-04 06:05:56 +0000 (Fri, 04 Jul 2014)
New Revision: 27601
Modified:
data/CVE/list
Log:
openstack n/a
pnp4nagios no-dsa
fixup rails/wheezy entries
openvz n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-04 04:55:41 UTC (rev 27600)
+++ data/CVE/list 2014-07-04 06:05:56 UTC (rev 27601)
@@ -1,12 +1,15 @@
CVE-2014-XXXX [XSS via views/template.php]
- - pnp4nagios <unfixed>
+ - pnp4nagios <unfixed> (low)
NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb
+ NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078
CVE-2014-XXXX [XSS via views/kohana_error_page.php]
- - pnp4nagios <unfixed>
+ - pnp4nagios <unfixed> (low)
+ [wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140
CVE-2014-XXXX [XSS - input is not properly sanitised in views/kohana_error_page.php]
- - pnp4nagios <unfixed>
+ - pnp4nagios <unfixed> (low)
+ [wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
CVE-2014-4715 [LZ4_decompress_generic() integer overflow (32-bit arches)]
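Review bot: The first entry (views/template.php) gets the (low) urgency but no [wheezy] no-dsa line, while both kohana_error_page.php entries get the two together. If the log's "pnp4nagios no-dsa" is meant to cover all three, add `[wheezy] - pnp4nagios <no-dsa> (Minor issue)` there too, or record why wheezy differs for that entry. Separately, the unchanged NOTE in the third entry points at Gentoo bug id=51607, five digits where the neighbouring references are 516078 and 516140, so the id is worth verifying while these entries are being touched.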
@@ -2590,8 +2593,11 @@
CVE-2014-3520 [Keystone V2 trusts privilege escalation through user supplied project id]
RESERVED
- keystone 2014.1.1-3 (bug #753511)
+ [wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3519
RESERVED
+ - linux-2.6 <not-affected> (Vulnerable code not yet present)
+ - linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
CVE-2014-3518
RESERVED
CVE-2014-3517
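Review bot: CVE-2014-3519 is still RESERVED with no bracketed description, so the two added not-affected lines are the only hint of what the issue is. A NOTE naming the affected component (the log says openvz) would make the entry self-explanatory. The linux-2.6 reason "Vulnerable code not yet present" also does not say which version introduced the code; adding that would let a reader confirm the claim without redoing the triage.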
@@ -2696,6 +2702,7 @@
- ruby-activerecord-2.3 <removed>
- ruby-activerecord-3.2 <removed>
- rails <unfixed>
+ [wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
- rails-3.2 <unfixed>
- rails-4.0 <unfixed>
TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
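Review bot: The TODO kept as context directly below the added line still says rails "is now again a sourcepackage e.g. providing ruby-activerecord-3.2", which sits uneasily with the new wheezy reason that src:rails is just a transition package. Either scope the TODO to the unversioned `- rails <unfixed>` line or drop it if this commit resolves the check. The same applies to the identical hunk that follows.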
@@ -2704,6 +2711,7 @@
- ruby-activerecord-2.3 <removed>
- ruby-activerecord-3.2 <removed>
- rails <unfixed>
+ [wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
- rails-3.2 <unfixed>
- rails-4.0 <unfixed>
TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
@@ -28291,7 +28299,9 @@
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before ...)
- nova 2014.1.1-4 (bug #753579)
+ [wheezy] - nova <not-affected> (Vulnerable code not present)
- cinder 2014.1.1-3 (bug #753585)
+ [wheezy] - cinder <not-affected> (Vulnerable code not present)
NOTE: Requires includedir to be defined in /etc/sudoers file
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...)
- apport 2.12.6-1 (bug #727661)
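Review bot: "Vulnerable code not present" on the added wheezy nova and cinder lines does not say what is absent. The NOTE in this entry ties the issue to includedir being defined in /etc/sudoers, so if the wheezy packages do not ship the relevant sudoers configuration, state that in the reason instead of the generic string.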