[Secure-testing-commits] r27118 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jun 3 16:52:06 UTC 2014


Author: jmm
Date: 2014-06-03 16:52:06 +0000 (Tue, 03 Jun 2014)
New Revision: 27118

Modified:
   data/CVE/list
   data/dsa-needed.txt
   data/lts-needed.txt
Log:
record gnutls squeeze-lts update
various no-dsa
update eol entries for squeeze
update lts-needed.txt
dcmtk, s3d unimportant (s3d also fixed for some time)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-06-03 15:00:46 UTC (rev 27117)
+++ data/CVE/list	2014-06-03 16:52:06 UTC (rev 27118)
@@ -946,6 +946,7 @@
 	{DSA-2944-1}
 	- gnutls26 2.12.23-16
 	- gnutls28 3.2.15-1
+	[squeeze] - gnutls26 2.8.6-1+squeeze4
 CVE-2014-3465
 	RESERVED
 	- gnutls26 <not-affected> (Affected code was introduced in 3.0)
@@ -2035,6 +2036,8 @@
 CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might ...)
 	- pillow <unfixed> (bug #737059)
 	- python-imaging <removed>
+	[squeeze] - python-imaging <no-dsa> (Minor issue)
+	[wheezy] - python-imaging <no-dsa> (Minor issue)
 	NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
 CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when ...)
 	NOT-FOR-US: Sitepark Information Enterprise Server
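Review bot: the two new `<no-dsa> (Minor issue)` lines for python-imaging sit directly above a NOTE saying that what CVE-2014-3007 actually covers relative to CVE-2014-1932 and CVE-2014-1933 is still unknown; a "Minor issue" assessment is hard to justify while that note stands, so either resolve the scope question in the NOTE or record the reasoning for the no-dsa (for example that the affected code paths are the same as the other two CVEs) next to it.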
@@ -2758,6 +2761,8 @@
 	- prosody 0.9.4-1
 	- lua-expat 1.3.0-1
 	[wheezy] - lua-expat 1.2.0-5+deb7u1
+	[squeeze] - lua-expat <no-dsa> (Minor issue)
+	[squeeze] - prosody <no-dsa> (Minor issue)
 	NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb
 CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does ...)
 	NOT-FOR-US: Openfire
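Review bot: the squeeze entries mark both lua-expat and prosody as `<no-dsa> (Minor issue)` although wheezy received a fixed lua-expat 1.2.0-5+deb7u1 for the same issue; a short NOTE on why the squeeze package does not warrant the same treatment (different affected code, or simply no squeeze-lts upload planned) would make the triage reproducible. Unrelated to the change but visible in the context: the CVE-2014-2743 description names Lightwitch Metronome while the line below it says `NOT-FOR-US: Openfire`, which looks like a copy-and-paste slip worth fixing in a follow-up.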
@@ -4957,6 +4962,7 @@
 	RESERVED
 	{DSA-2836-1}
 	- devscripts 2.13.9
+	[squeeze] - devscripts <no-dsa> (Minor issue)
 CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access ...)
 	NOT-FOR-US: D-Link hardware
 CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 ...)
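Review bot: this entry already carries `{DSA-2836-1}` for the devscripts 2.13.9 fix, so the new `[squeeze] - devscripts <no-dsa> (Minor issue)` line records a different severity judgement for squeeze than the one that produced the DSA; add a NOTE stating why the squeeze version is less exposed (for instance that the vulnerable uscan code is absent or differs there) so the no-dsa is not read as contradicting the DSA.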
@@ -6863,9 +6869,9 @@
 	RESERVED
 CVE-2014-1226
 	RESERVED
-	- s3d <unfixed>
+	- s3d 0.2.2-9 (unimportant)
 	NOTE: http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
-	TODO: check
+	NOTE: Not running with elevated privileges in Debian packaging
 CVE-2014-1225
 	RESERVED
 CVE-2014-1224
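Review bot: the s3d line now states both a fixed version, `0.2.2-9`, and `(unimportant)`, and the replaced `TODO: check` is answered only for the severity ("Not running with elevated privileges in Debian packaging"); the commit log says the package has "also been fixed for some time", but nothing in the entry says what changed in 0.2.2-9. Add a NOTE with the changelog entry or bug reference that justifies the fixed version so the version claim can be verified.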
@@ -9672,7 +9678,9 @@
 	NOTE: A malicious RDP server has many more ways to mess with an RDP client
 CVE-2014-0249
 	RESERVED
-	- sssd <unfixed> (bug #749569)
+	- sssd <unfixed> (low; bug #749569)
+	[squeeze] - sssd <no-dsa> (Minor issue)
+	[wheezy] - sssd <no-dsa> (Minor issue)
 CVE-2014-0248
 	RESERVED
 CVE-2014-0247
@@ -10601,6 +10609,7 @@
 CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
 	{DSA-2836-1}
 	- devscripts 2.13.9
+	[squeeze] - devscripts <no-dsa> (Minor issue)
 CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service ...)
 	- openjpeg 1.5.2-1 (bug #731237)
 	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
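Review bot: CVE-2013-6888 is described in this hunk as uscan allowing remote attackers to execute code, and it was fixed by `{DSA-2836-1}` in wheezy, so `[squeeze] - devscripts <no-dsa> (Minor issue)` needs a NOTE explaining why code execution via uscan is minor for squeeze (for example that squeeze's devscripts lacks the affected code path); the same applies to the matching squeeze line added for the other devscripts CVE earlier in this commit.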
@@ -10733,9 +10742,9 @@
 	NOT-FOR-US: Fortinet FortiAnalyzer
 CVE-2013-6825
 	RESERVED
-	- dcmtk <unfixed>
+	- dcmtk <unfixed> (unimportant)
 	NOTE: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
-	TODO: check
+	NOTE: Not running with elevated privileges in Debian packaging
 CVE-2013-6824 (Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ...)
 	- zabbix 1:2.2.0+dfsg-6 (low)
 	[squeeze] - zabbix <no-dsa> (Minor issue)
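Review bot: dcmtk stays `<unfixed>` while gaining `(unimportant)`, and the replaced TODO is answered with the same packaging NOTE as for s3d; since the issue remains open in unstable, add a bug reference in the usual `(unimportant; bug #NNNNNN)` form, as the pillow and qemu entries elsewhere in this file do, so the fix is tracked even though no DSA is planned.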
@@ -12155,6 +12164,7 @@
 	- php-horde <not-affected> (Vulnerable code in turba)
 	- php-horde-turba 4.1.3-1 (bug #730979)
 	- turba2 <removed>
+	[squeeze] - turba2 <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
 CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x ...)
 	{DSA-2792-1}
@@ -17220,6 +17230,7 @@
 	- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
 	- qemu-kvm <removed> (unimportant)
 	- xen-qemu-dm-4.0 <removed>
+	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: Qemu only exploitable by privileged administrator with malicious configuration
 	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
 	NOTE: Xen in Wheezy includes qemu
@@ -17791,7 +17802,8 @@
 	NOTE: In Debian /tmp/.X11-unix is created by  /etc/init.d/x11-common
 CVE-2013-4168 [start and end time fields not filtered]
 	RESERVED
-	- smokeping 2.6.8-2
+	- smokeping 2.6.8-2 (low)
+	[squeeze] - smokeping <no-dsa> (Minor issue)
 	NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
 CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...)
 	- cmsms <itp> (bug #608888)
@@ -35312,9 +35324,9 @@
 CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
 	NOT-FOR-US: jCore
 CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the ...)
-	- tinymce <unfixed>
-	- python-django-tinymce <unfixed>
-	TODO: check
+	- tinymce <unfixed> (low)
+	[squeeze] - tinymce <no-dsa> (Minor issue)
+	[wheezy] - tinymce <no-dsa> (Minor issue)
 CVE-2012-4229
 	RESERVED
 CVE-2012-4228
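Review bot: the hunk deletes the `- python-django-tinymce <unfixed>` line outright instead of resolving it; removing the entry silently drops the package from tracking for CVE-2012-4230. If python-django-tinymce does not ship the affected bbcode plugin, record `- python-django-tinymce <not-affected> (reason)`; if it embeds its own copy of TinyMCE, keep the `<unfixed>` line and give it the same `(low)` and per-suite no-dsa treatment as tinymce.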

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-06-03 15:00:46 UTC (rev 27117)
+++ data/dsa-needed.txt	2014-06-03 16:52:06 UTC (rev 27118)
@@ -25,7 +25,7 @@
 --
 libav (jmm)
 --
-liblivemedia/stable (geissert)
+liblivemedia (geissert)
 --
 libplrpc-perl
   Plan: drop the dependency also for libdbi-perl in stable, so that libplrpc-perl can be
@@ -43,7 +43,7 @@
 --
 mupdf (jmm)
 --
-modsecurity-apache/stable (carnil)
+modsecurity-apache (carnil)
 --
 nss (geissert)
 --

Modified: data/lts-needed.txt
===================================================================
--- data/lts-needed.txt	2014-06-03 15:00:46 UTC (rev 27117)
+++ data/lts-needed.txt	2014-06-03 16:52:06 UTC (rev 27118)
@@ -41,6 +41,8 @@
 --
 phpmyadmin (Thijs Kinkhorst)
 --
+poppler
+--
 python2.6
 --
 qt4-x11
