[Secure-testing-commits] r25939 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-03-03 08:24:06 +0000 (Mon, 03 Mar 2014)
New Revision: 25939

Modified:
   data/CVE/list
Log:
filed bugs for libpng an mojarra


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-03 07:50:21 UTC (rev 25938)
+++ data/CVE/list	2014-03-03 08:24:06 UTC (rev 25939)
@@ -4512,6 +4512,7 @@
 CVE-2014-0333 [denial of service via png_push_read_chunk()]
 	RESERVED
 	- libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
+	NOTE: Filed #740585 for src:libpng1.6 in experimental
 CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
 	NOT-FOR-US: Dell SonicWALL GMS
 CVE-2014-0331
@@ -8237,10 +8238,9 @@
 	NOT-FOR-US: Oracle Industry Applications
 CVE-2013-5855
 	RESERVED
-	- mojarra <unfixed>
+	- mojarra <unfixed> (bug #740586)
 	NOTE: https://java.net/jira/browse/JAVASERVERFACES-3150
 	NOTE: https://java.net/projects/mojarra/sources/svn/revision/12793
-	TODO: check
 CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)