[Secure-testing-commits] r27175 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jun 6 14:57:49 UTC 2014
Author: jmm
Date: 2014-06-06 14:57:49 +0000 (Fri, 06 Jun 2014)
New Revision: 27175
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
no-dsa: mediawiki, kfreebsd8, sendmail, icedtea-web
jboss not-affected
mark apache2 as undetermined for now
remove zabbix from dsa-needed, this was for squeeze
one libav issue N/A for wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-06 12:00:09 UTC (rev 27174)
+++ data/CVE/list 2014-06-06 14:57:49 UTC (rev 27175)
@@ -81,9 +81,12 @@
[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
CVE-2014-3966 [mediawiki Javascript inject by anonymous users on private wikis with $wgRawHtml enabled]
- mediawiki <unfixed> (low; bug #750527)
+ [wheezy] - mediawiki <no-dsa> (Minor issue)
+ [squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...)
- - sendmail 8.14.4-6 (bug #750562)
+ - sendmail 8.14.4-6 (low; bug #750562)
+ [wheezy] - sendmail <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 [missing check during hugepage migration]
RESERVED
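Review bot: the new squeeze line for CVE-2014-3966, `[squeeze] - mediawiki <end-of-life>`, gives no reason, while the other end-of-life entries in this same commit carry "(Unsupported in squeeze-lts)"; adding the same parenthetical would make clear whether mediawiki is outside squeeze-lts scope or was dropped for another reason. The sendmail change is consistent as written: the "low" severity added on the unstable line matches the "Minor issue" no-dsa rationale for wheezy, and the oss-security NOTE remains as the source.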
@@ -197,6 +200,7 @@
- kfreebsd-8 <removed>
- kfreebsd-9 <unfixed> (bug #750493)
[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
+ [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
TODO: for wheezy maintainers are double-checking
CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login ...)
NOT-FOR-US: D-Link firmware
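Review bot: the line "TODO: for wheezy maintainers are double-checking" is left in place although the wheezy status for kfreebsd-8 is now being decided as no-dsa; if the double-check concerns the kfreebsd-9 `<not-affected>` claim, say so in the TODO, and if it covered kfreebsd-8 it should be resolved or dropped rather than sit under an entry that now has a decision. This CVE also has no `[squeeze] - kfreebsd-8` line, unlike the two later kfreebsd-8 hunks in this commit, which carry `<end-of-life> (Unsupported in squeeze-lts)`.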
@@ -1000,6 +1004,7 @@
RESERVED
CVE-2014-3481
RESERVED
+ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3480
RESERVED
CVE-2014-3479
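Review bot: the bug reference in the jbossas4 line uses the bare form `#581226`, while the rest of the file writes `bug #581226`; anyone grepping for "bug #" will miss it. The entry also hangs off a CVE that is still RESERVED, so the parenthetical ("Only builds a few libraries, not the full application server") is the only record of what was assessed; a NOTE pointing at the source once the CVE text is published would let the not-affected call be re-checked.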
@@ -2160,6 +2165,7 @@
- kfreebsd-10 10.0-5 (bug #746949)
- kfreebsd-9 <unfixed> (bug #746951)
- kfreebsd-8 <removed> (bug #746952)
+ [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2999
RESERVED
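Review bot: the rationale "will be fixed in a point update" has nothing tracking that work: kfreebsd-8 is `<removed>` from unstable (bug #746952) and kfreebsd-9 is still `<unfixed>` (bug #746951), so the wheezy fix will need its own patch and upload rather than a backport of something already in unstable. Recording a bug number or pointer in the no-dsa reason, as the sendmail and mediawiki entries in this commit do, would keep the point-update commitment from being lost.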
@@ -6499,6 +6505,7 @@
CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...)
{DSA-2952-1}
- kfreebsd-8 <removed>
+ [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 <unfixed> (bug #743984)
- kfreebsd-10 10.0-4
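Review bot: this entry already carries `{DSA-2952-1}`, and the new line marks kfreebsd-8 in wheezy as `<no-dsa>`; the reason should say which package the DSA covered so a reader does not see a DSA and a no-dsa on the same CVE and assume one of them is wrong. The identical "Non standard kernel, will be fixed in a point update" text is now used on three CVEs in this commit, which is fine, but the point update itself should be tracked in one place rather than implied three times.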
@@ -11733,7 +11740,8 @@
RESERVED
NOT-FOR-US: fedup (Fedora specific)
CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc ...)
- - icedtea-web 1.4.2-1
+ - icedtea-web 1.4.2-1 (low)
+ [wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly ...)
NOT-FOR-US: Pirhana
CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
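Review bot: the icedtea-web no-dsa entry has no NOTE with an upstream reference, unlike the mediawiki and sendmail entries in this same commit, which cite a bug or an oss-security thread; add the source used to rate CVE-2013-6493 as low so the "Minor issue" assessment can be re-examined later without redoing the research.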
@@ -13778,7 +13786,8 @@
NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
- - apache2 <unfixed>
+ - apache2 <undetermined>
+ NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
NOT-FOR-US: DrayTek Vigor 2700 router
CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...)
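Review bot: `<undetermined>` replaces `<unfixed>` for apache2 with only a mailing-list link as the NOTE; a TODO stating what is actually undetermined (whether the mod_headers issue in 2.2.22 has an accepted upstream fix, or whether upstream treats it as a vulnerability at all) would make it easier for the next person to pick this up, since the commit message only says "for now".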
@@ -26962,6 +26971,7 @@
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
+ [wheezy] - libav <not-affected> (Vulnerable code not present)
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in ...)
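Review bot: "Vulnerable code not present" for wheezy's libav would be easier to verify if the reason named what was checked; the libav fix commit is already in the NOTE (78aa2ed620178044a227fbbe48f749c0dc86023f), so stating that the code touched by that commit is absent from the wheezy package pins the not-affected claim to something concrete.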
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-06-06 12:00:09 UTC (rev 27174)
+++ data/dsa-needed.txt 2014-06-06 14:57:49 UTC (rev 27175)
@@ -60,5 +60,3 @@
--
xlhtml
--
-zabbix
---
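Review bot: removing `zabbix` together with its trailing `--` separator leaves the file ending at the separator after `xlhtml`, which keeps the layout consistent; but since the commit message says this entry was for squeeze, make sure the squeeze status for zabbix is still recorded in data/CVE/list (end-of-life or squeeze-lts handling), otherwise this removal drops the only trace of the pending work.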