[Secure-testing-commits] r27237 - in data: . CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jun 12 15:55:18 UTC 2014
Author: jmm
Date: 2014-06-12 15:55:18 +0000 (Thu, 12 Jun 2014)
New Revision: 27237
Modified:
data/CVE/list
data/DSA/list
data/dsa-needed.txt
Log:
solr fixed
soappy no-dsa
mark bogus libav CVE ID as fixed
dsa-needed: take nspr, add apt
add split-off dpkg CVE ID
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-12 12:28:59 UTC (rev 27236)
+++ data/CVE/list 2014-06-12 15:55:18 UTC (rev 27237)
@@ -62,7 +62,8 @@
CVE-2014-3987
RESERVED
CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow ...)
- TODO: check, this CVE apparently is only for the 0.8.x branch of libav and relates to DSA-2947-1
+ - libav 6:0.8.12-1
+ NOTE: Fairly pointless CVE assignment...
CVE-2014-XXXX [Insecure use of temporary file]
- scheme48 1.9-4
[wheezy] - scheme48 <no-dsa> (Minor issue)
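Review bot: the NOTE added under CVE-2014-3984 ("Fairly pointless CVE assignment...") gives no reason, and the TODO it replaces was the only line tying this ID to the 0.8.x branch and DSA-2947-1. Suggest carrying that over, for example "NOTE: only covers the 0.8.x branch, see DSA-2947-1", so the fixed version 6:0.8.12-1 can later be checked against the advisory.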
@@ -1704,7 +1705,7 @@
RESERVED
CVE-2014-3250
RESERVED
- - puppet <unfixed>
+ - puppet <unfixed> (low)
[squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
[wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
@@ -1763,8 +1764,8 @@
CVE-2014-3228
RESERVED
CVE-2014-3227 (dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect ...)
- - dpkg <undetermined>
- TODO: check
+ {DSA-2915-1}
+ - dpkg 1.17.8
CVE-2014-3226
RESERVED
CVE-2014-3224
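Review bot: the cross-reference added under CVE-2014-3227 is {DSA-2915-1}, but the data/DSA/list change in this same revision adds CVE-2014-3227 to DSA-2953-1, so the two files disagree and one of them needs correcting. The fixed version is also entered as 1.17.8 while the CVE description on the line above reads "1.17.x before 1.17.9"; please confirm which is meant and add a NOTE if 1.17.8 is intentional.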
@@ -1838,10 +1839,14 @@
[wheezy] - icecast2 <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/changeset/19137/
CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity ...)
- - python-soappy <unfixed> (bug #747280)
+ - python-soappy <unfixed> (low; bug #747280)
+ [squeeze] - python-soappy <no-dsa> (Minor issue)
+ [wheezy] - python-soappy <no-dsa> (Minor issue)
NOTE: http://www.pnigos.com/?p=260
CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a ...)
- - python-soappy <unfixed> (bug #747280)
+ - python-soappy <unfixed> (low; bug #747280)
+ [squeeze] - python-soappy <no-dsa> (Minor issue)
+ [wheezy] - python-soappy <no-dsa> (Minor issue)
NOTE: http://www.pnigos.com/?p=260
CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler ...)
- cobbler <itp> (bug #545583)
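Review bot: CVE-2014-3242 gets the same "low" urgency and <no-dsa> (Minor issue) as CVE-2014-3243, although its description is a remote arbitrary file read, which is not obviously minor. A one-line NOTE under CVE-2014-3242 stating why it is rated this way would make the no-dsa decision for squeeze and wheezy reviewable later.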
@@ -9856,7 +9861,7 @@
CVE-2013-6921
RESERVED
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
- - lucene-solr <unfixed> (bug #731113)
+ - lucene-solr 3.6.2+dfsg-2 (bug #731113)
CVE-2014-0325
RESERVED
CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2014-06-12 12:28:59 UTC (rev 27236)
+++ data/DSA/list 2014-06-12 15:55:18 UTC (rev 27237)
@@ -8,7 +8,7 @@
{CVE-2014-3430}
[wheezy] - dovecot 1:2.1.7-7+deb7u1
[08 Jun 2014] DSA-2953-1 dpkg - security update
- {CVE-2014-3864 CVE-2014-3865}
+ {CVE-2014-3864 CVE-2014-3865 CVE-2014-3227}
[squeeze] - dpkg 1.15.11
[wheezy] - dpkg 1.16.15
[05 Jun 2014] DSA-2952-1 kfreebsd-9 - security update
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-06-12 12:28:59 UTC (rev 27236)
+++ data/dsa-needed.txt 2014-06-12 15:55:18 UTC (rev 27237)
@@ -13,6 +13,8 @@
--
+apt
+--
asterisk
--
cacti
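Review bot: the new "apt" entry carries no claimant, CVE ID or bug number, so nothing in dsa-needed.txt says which issue the update is for. Suggest a NOTE line under it naming the CVE or bug, in the same way the openswan entry further down does.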
@@ -43,7 +45,7 @@
--
nss (geissert)
--
-nspr
+nspr (jmm)
--
openswan (corsac)
NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466