[Secure-testing-commits] r25964 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 5 13:02:32 UTC 2014


Author: jmm
Date: 2014-03-05 13:02:31 +0000 (Wed, 05 Mar 2014)
New Revision: 25964

Modified:
   data/CVE/list
Log:
one kernel issue fixed in sid upload
python triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-05 13:01:39 UTC (rev 25963)
+++ data/CVE/list	2014-03-05 13:02:31 UTC (rev 25964)
@@ -397,7 +397,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
 CVE-2014-2039 [Linux kernel: s390: crash due to linkage stack instruction]
 	RESERVED
-	- linux <unfixed>
+	- linux 3.13.5-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
 CVE-2014-2037 [incomplete fix for CVE-2013-6466 DoS in openSwan]
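Review bot: the CVE-2014-2039 entry now records `- linux 3.13.5-1` for unstable, but the only other package line is `- linux-2.6 <removed>`, so the stable suites have no explicit status here. Consider adding suite-tagged lines (or a NOTE on which kernel versions carry the affected s390 code) so that the sid fix is not read as complete triage of the issue.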
@@ -820,14 +820,13 @@
 	[squeeze] - devscripts <no-dsa> (Minor issue)
 	[wheezy] - devscripts <no-dsa> (Minor issue)
 CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
-	- python2.5 <removed> (low)
-	- python2.6 <removed> (low)
-	- python2.7 <unfixed> (low)
+	- python2.5 <not-affected> (Only affects 3.x)
+	- python2.6 <not-affected> (Only affects 3.x)
+	- python2.7 <not-affected> (Only affects 3.x)
 	- python3.1 <removed> (low)
 	- python3.2 <removed> (low)
 	- python3.3 <unfixed> (low)
 	- python3.4 <unfixed> (low)
-	TODO: check
 	NOTE: http://bugs.python.org/issue20078
 CVE-2014-XXXX [no input validation for search function]
 	- fookebox <unfixed> (low; bug #736821)
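Review bot: the three 2.x lines become `<not-affected> (Only affects 3.x)` and `TODO: check` is dropped, but the entry does not record how that was established; the only reference is still the issue20078 NOTE. Add a short NOTE giving the reason the 2.x zipfile code is unaffected, so the removed TODO is replaced by something a later reader can verify. Also confirm that `<not-affected>` rather than `<removed>` is intended for python2.5 and python2.6, which were previously marked as removed.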
@@ -4557,12 +4556,13 @@
 	- python3.1 <removed> (low)
 	- python3.2 <removed> (low)
 	- python3.3 <unfixed> (low)
-	[squeeze] - python2.5 <no-dsa> (Minor issue)
-	[squeeze] - python2.6 <no-dsa> (Minor issue)
-	[wheezy] - python2.6 <no-dsa> (Minor issue)
-	[wheezy] - python2.7 <no-dsa> (Minor issue)
-	[squeeze] - python3.1 <no-dsa> (Minor issue)
-	[wheezy] - python3.2 <no-dsa> (Minor issue)
+	[squeeze] - python2.5 <no-dsa> (Not backportable)
+	[squeeze] - python2.6 <no-dsa> (Not backportable)
+	[wheezy] - python2.6 <no-dsa> (Not backportable)
+	[wheezy] - python2.7 <no-dsa> (Not backportable)
+	[squeeze] - python3.1 <no-dsa> (Not backportable)
+	[wheezy] - python3.2 <no-dsa> (Not backportable)
+	NOTE: Upstream will change to siphash in 3.4, no backport planned
 CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in ...)
 	- libmicrohttpd 0.9.32-1 (low; bug #731933)
 	[wheezy] - libmicrohttpd 0.9.20-1+deb7u1
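Review bot: the six `<no-dsa>` reasons now say `Not backportable`, while the added NOTE says `no backport planned`; these are different claims (cannot be done versus will not be done), so pick one wording and use it in both places. The NOTE also names 3.4 as the release that changes to siphash, but the visible unstable lines end at `- python3.3 <unfixed> (low)`; if the entry has no python3.4 line above this context, add one so the tracker shows where the fix lands.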
@@ -18107,7 +18107,7 @@
 	NOT-FOR-US: Gentoo Portage binary package installer
 CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname ...)
 	- python2.7 2.7.5-5 (low; bug #709066)
-	[wheezy] - python2.7 <no-dsa> (Minor issue)
+	[wheezy] - python2.7 <not-affected> (Backport was introduced in 2.7.3-11)
 	- linkchecker 8.5-1 (low; bug #709067)
 	[squeeze] - linkchecker <no-dsa> (Minor issue)
 	[wheezy] - linkchecker <no-dsa> (Minor issue)
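Review bot: in the new wheezy line for CVE-2013-2099, `(Backport was introduced in 2.7.3-11)` does not say what was backported or how that version relates to the one in wheezy, so the `<not-affected>` verdict cannot be checked from the entry alone. Spell it out, for example "ssl.match_hostname backport only added in 2.7.3-11, wheezy version predates it", if that is the intended reasoning.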



