[Secure-testing-commits] r27217 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Jun 11 14:35:04 UTC 2014
Author: jmm
Date: 2014-06-11 14:35:04 +0000 (Wed, 11 Jun 2014)
New Revision: 27217
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
no-dsa: lynis, puppet* runpath issues, dbus
one puppet issue n/a in squeeze/wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-11 14:32:05 UTC (rev 27216)
+++ data/CVE/list 2014-06-11 14:35:04 UTC (rev 27217)
@@ -4,6 +4,8 @@
NOTE: fixing commit https://git.kernel.org/linus/fc8ad6759de122ee180a02c16518c2e252cc9d48
CVE-2014-3986
- lynis 1.5.5-1 (bug #751083)
+ [squeeze] - lynis <no-dsa> (Minor issue)
+ [wheezy] - lynis <no-dsa> (Minor issue)
CVE-2014-3995
NOT-FOR-US: Djblets
CVE-2014-3994
@@ -1072,7 +1074,9 @@
RESERVED
CVE-2014-3477
RESERVED
- - dbus 1.8.4-1
+ - dbus 1.8.4-1 (low)
+ [squeeze] - dbus <no-dsa> (Minor issue)
+ [wheezy] - dbus <no-dsa> (Minor issue)
CVE-2014-3476
RESERVED
CVE-2014-3475
@@ -1626,19 +1630,25 @@
CVE-2014-3250
RESERVED
- puppet <unfixed>
+ [squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
+ [wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
- NOTE: Problem in combination with Apache 2.4
- TODO: check
CVE-2014-3249
RESERVED
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
CVE-2014-3248
RESERVED
- - puppet <unfixed>
- - ruby-hiera <unfixed>
- - facter <unfixed>
- - mcollective <unfixed>
+ - puppet <unfixed> (low)
+ [wheezy] - puppet <no-dsa> (Minor issue)
+ [squeeze] - puppet <no-dsa> (Minor issue)
+ - ruby-hiera <unfixed> (low)
+ [wheezy] - ruby-hiera <no-dsa> (Minor issue)
+ - facter <unfixed> (low)
+ [wheezy] - facter <no-dsa> (Minor issue)
+ [squeeze] - facter <no-dsa> (Minor issue)
+ - mcollective <unfixed> (low)
+ [wheezy] - mcollective <no-dsa> (Minor issue)
NOTE: http://puppetlabs.com/security/cve/cve-2014-3248
NOTE: problem in combination with ruby <= 1.9.1
CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows ...)
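Review bot: In the CVE-2014-3248 entry the release tags are ordered [wheezy] before [squeeze], while the CVE-2014-3250 entry in this same hunk and the lynis and dbus entries earlier in the patch use [squeeze] then [wheezy]; pick one order so the entries stay easy to scan and diff. In the same entry, ruby-hiera and mcollective get only a [wheezy] <no-dsa> line while puppet and facter get both releases. If that is because those packages are not in squeeze, it is fine as is, otherwise the [squeeze] lines are missing. The CVE-2014-3250 unstable line also stays at plain <unfixed> while the CVE-2014-3248 lines gain (low), so consider recording a severity there too.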
@@ -17467,7 +17477,7 @@
- gnupg 1.4.15-1 (low; bug #722722)
- gnupg2 2.0.22-1 (low; bug #722724)
CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel ...)
- - linux-2.6 <removed>
+ - linux-2.6 <not-affected> (Vulnerable code not present)
- linux 3.11.5-1
[wheezy] - linux 3.2.53-1
NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
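Review bot: The linux-2.6 change for CVE-2013-4350 from <removed> to <not-affected> (Vulnerable code not present) is not covered by the log message, which only lists lynis, puppet, dbus and one puppet issue. Either mention it in the log or commit it separately, so that the reasoning for reclassifying a kernel entry can be found from the history later.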
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-06-11 14:32:05 UTC (rev 27216)
+++ data/dsa-needed.txt 2014-06-11 14:35:04 UTC (rev 27217)
@@ -58,7 +58,6 @@
vlc
--
xen
- ijc prepared updates
--
xlhtml
--
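Review bot: The removal of the "ijc prepared updates" note under xen is not mentioned in the log message, and xen itself stays on the dsa-needed list. Say in the log why the note is dropped (for example, whether the prepared updates were used or superseded), since after this change the file no longer records who was working on the update.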