[Secure-testing-commits] r27665 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jul 9 07:12:34 UTC 2014
Author: jmm
Date: 2014-07-09 07:12:33 +0000 (Wed, 09 Jul 2014)
New Revision: 27665
Modified:
data/CVE/list
Log:
red hat NFUs
one kernel issue n/a for squeeze
new unimportant ocsinventory issue
concludes external check
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-09 06:34:47 UTC (rev 27664)
+++ data/CVE/list 2014-07-09 07:12:33 UTC (rev 27665)
@@ -1,3 +1,6 @@
+CVE-2014-4722
+ - ocsinventory-server <unfixed> (unimportant)
+ NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2014-XXXX [ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select]
- zendframework <unfixed> (bug #754201)
NOTE: http://framework.zend.com/security/advisory/ZF2014-04
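Review bot: The NOTE on the new CVE-2014-4722 entry ends with "see debtags" without naming the tag or linking anything, and the entry has no bracketed description, so a later reader cannot check why an <unfixed> issue is rated unimportant. Name the debtag that is meant and add a NOTE with the upstream or advisory reference, as the ZF2014-04 entry just below does.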
@@ -129,6 +132,7 @@
TODO: check
CVE-2014-4671
RESERVED
+ NOT-FOR-US: Adobe Flash
CVE-2014-4670
RESERVED
CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read ...)
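Review bot: CVE-2014-4671 is still RESERVED with no description, and neither neighbouring entry is a Flash issue, so nothing in the file shows where "Adobe Flash" comes from. A NOTE pointing to the advisory that assigns this ID would let the next person verify the NOT-FOR-US marking.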
@@ -1222,10 +1226,9 @@
CVE-2014-4172
RESERVED
CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...)
- - linux 3.14.10-1
- - linux-2.6 <removed>
+ - linux <unfixed>
+ - linux-2.6 <not-affected> (Vulnerable code introduced later)
NOTE: https://lkml.org/lkml/2014/7/2/518
- TODO: recheck, patch was reverted and replaced with new fix, which is not in 3.14.10-1
CVE-2014-4170
RESERVED
CVE-2014-4169
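Review bot: On CVE-2014-4171, dropping the TODO also drops the only explanation of why linux goes from 3.14.10-1 back to <unfixed> (the patch was reverted and replaced with a new fix that is not in 3.14.10-1). Keep that reasoning as a NOTE, and on the linux-2.6 <not-affected> line name the commit or version that introduced the vulnerable code so that "introduced later" can be checked.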
@@ -2602,7 +2605,7 @@
RESERVED
CVE-2014-3540 [Class loader vulnerability in DefaultResolver]
RESERVED
-CVE-2014-3539
+CVE-2014-3539
RESERVED
CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...)
- file 1:5.19-1
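Review bot: The -/+ pair on CVE-2014-3539 shows no visible difference, so this looks like a whitespace-only change that the log message does not mention. If it strips stray whitespace, say so in the log or commit it separately so the entry's history stays readable.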
@@ -10221,10 +10224,12 @@
RESERVED
CVE-2014-0539
RESERVED
+ NOT-FOR-US: Adobe Flash
CVE-2014-0538
RESERVED
CVE-2014-0537
RESERVED
+ NOT-FOR-US: Adobe Flash
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0535 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
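Review bot: CVE-2014-0538 stays RESERVED with no NOT-FOR-US line, while CVE-2014-0539 and CVE-2014-0537 on either side of it are both tagged Adobe Flash in this hunk. If the gap is deliberate, a short NOTE would make that clear; if the ID belongs to the same advisory, tag it in the same commit.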
@@ -41382,6 +41387,7 @@
NOT-FOR-US: Cumin
CVE-2012-2682
RESERVED
+ NOT-FOR-US: Cumin
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)