[Secure-testing-commits] r27491 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jun 27 10:16:08 UTC 2014
Author: jmm
Date: 2014-06-27 10:16:08 +0000 (Fri, 27 Jun 2014)
New Revision: 27491
Modified:
data/CVE/list
Log:
duplicity no-dsa
zabbix EOL in squeeze lts
tomcat7 n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-27 09:41:25 UTC (rev 27490)
+++ data/CVE/list 2014-06-27 10:16:08 UTC (rev 27491)
@@ -2491,7 +2491,9 @@
NOT-FOR-US: OpenShift Origin
CVE-2014-3495 [improper verification of SSL certificates]
RESERVED
- - duplicity <unfixed> (bug #751902)
+ - duplicity <unfixed> (low; bug #751902)
+ [wheezy] - duplicity <no-dsa> (Minor issue)
+ [squeeze] - duplicity <no-dsa> (Minor issue)
CVE-2014-3494 [KMail/KIO POP3 SSL MITM Flaw]
RESERVED
- kde4libs <unfixed> (bug #752052)
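Review bot: The two added no-dsa lines for [wheezy] and [squeeze] under CVE-2014-3495 give only "Minor issue" as the reason, while the entry is titled "improper verification of SSL certificates" and carries no NOTE lines. Suggest adding a NOTE that says why the certificate verification flaw is rated low for duplicity, or that points to the reasoning in bug #751902, so the triage decision can be re-checked later.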
@@ -3718,6 +3720,7 @@
CVE-2014-3005 [zabbix: local file inclusion via XXE]
RESERVED
- zabbix <unfixed> (bug #751910)
+ [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://seclists.org/fulldisclosure/2014/Jun/87
NOTE: Upstream issue tracking https://support.zabbix.com/browse/ZBX-8151
CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before ...)
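Review bot: On the added [squeeze] line for CVE-2014-3005, the end-of-life tag settles squeeze only; no [wheezy] line is added, so wheezy stays under the generic "- zabbix <unfixed> (bug #751910)" status for a local file inclusion via XXE. If wheezy triage is still pending this is fine as it stands; otherwise the wheezy decision belongs in the same change.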
@@ -11643,8 +11646,7 @@
- neutron <unfixed>
[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
CVE-2014-0186 (A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise ...)
- - tomcat7 <undetermined>
- TODO: check, is this regression affecting also a patch which Debian has already applied?
+ - tomcat7 <not-affected> (RHEL-specific regression)
CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...)
{DSA-2943-1}
- php5 5.5.12+dfsg-1
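Review bot: The TODO removed under CVE-2014-0186 asked whether the regression also affects a patch Debian has already applied, and the replacement line answers with "RHEL-specific regression" without recording what was checked. Suggest a NOTE line stating how the Debian tomcat7 package was compared against the RHEL one, so the not-affected status does not rest on the tag text alone.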