[Secure-testing-commits] r26034 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 10 07:08:40 UTC 2014
Author: jmm
Date: 2014-03-10 07:08:40 +0000 (Mon, 10 Mar 2014)
New Revision: 26034
Modified:
data/CVE/list
Log:
openssl not-affected
historic wordpress assignments
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-10 06:25:05 UTC (rev 26033)
+++ data/CVE/list 2014-03-10 07:08:40 UTC (rev 26034)
@@ -167,7 +167,7 @@
CVE-2014-2239
RESERVED
CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier ...)
- TODO: check
+ - openssl <not-affected> (Apple-specific patch)
CVE-2014-2233
RESERVED
CVE-2014-2232
@@ -1019,7 +1019,7 @@
CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
NOT-FOR-US: Apache Cordova
CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2013-7322 [OTP token invalidation]
RESERVED
- oath-toolkit <unfixed> (low; bug #738515)
@@ -2115,11 +2115,11 @@
[wheezy] - tor <no-dsa> (Minor issue)
[squeeze] - tor <not-affected> (OpenSSL in oldstable not affected)
CVE-2012-6635 (wp-admin/includes/class-wp-posts-list-table.php in WordPress before ...)
- TODO: check
+ - wordpress 3.4+dfsg-1
CVE-2012-6634 (wp-admin/media-upload.php in WordPress before 3.3.3 allows remote ...)
- TODO: check
+ - wordpress 3.4+dfsg-1
CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ - wordpress 3.4+dfsg-1
CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
NOT-FOR-US: GetSimple CMS
CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks ...)
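Review bot: for CVE-2012-6634 the description says the issue is in WordPress before 3.3.3, but the fixed version recorded is 3.4+dfsg-1, the same value used for CVE-2012-6635 and CVE-2012-6633. If 3.4+dfsg-1 is simply the first upload that contained the fix, a short NOTE: line saying so would explain the gap between the upstream and the recorded version. The descriptions of the other two entries are truncated here, so their upstream fix versions cannot be checked against this hunk.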
@@ -2133,17 +2133,17 @@
NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
- TODO: check
+ - wordpress 3.2.1+dfsg-1
CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, ...)
- TODO: check
+ - wordpress 3.0.1-1
CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a ...)
- TODO: check
+ - wordpress 3.0.2-1
CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in ...)
- TODO: check
+ - wordpress 3.0.2-1
CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ - wordpress 3.0.2-1
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
- TODO: check
+ - wordpress 3.0.2-1
CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
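Review bot: CVE-2011-5270 is described as affecting WordPress before 3.0.6, yet it is marked fixed in 3.2.1+dfsg-1, while the five 2010 entries below it use 3.0.1-1 and 3.0.2-1. None of the six entries has a per-suite line like the `[squeeze] - xen <not-affected>` annotation in the trailing context, so a suite carrying a version between 3.0.2-1 and 3.2.1+dfsg-1 would be reported as vulnerable to CVE-2011-5270. Please confirm that is intended, or add the per-suite entry.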
@@ -2620,11 +2620,11 @@
CVE-2014-1271
RESERVED
CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1267
RESERVED
CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
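Review bot: the three new NOT-FOR-US lines for CVE-2014-1270, CVE-2014-1269 and CVE-2014-1268 put the triage rationale into the tag text, and that rationale itself leaves open that Chromium may be affected. Suggest keeping the tag to the product name (spelled WebKit, as in the descriptions) and moving the Chromium remark to a NOTE: line, as other entries in this file do, so the open question stays visible separately from the not-for-us decision.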
@@ -8623,7 +8623,6 @@
CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed> (low)
- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
- TODO: recheck, might be not limited to local DoS according to #735410
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2848-1}
- mariadb-5.5 5.5.35-1
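Review bot: the removal of the TODO under CVE-2013-5892 is not mentioned in the log message (openssl, wordpress, NFUs), and the result of the recheck is not recorded. The deleted line questioned whether the issue is limited to local DoS, while the virtualbox entry keeps its (low) urgency. A NOTE: with the conclusion, or a mention in the log, would document why the TODO could go.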
@@ -11483,7 +11482,7 @@
CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on ...)
NOT-FOR-US: Accela Bizsearch, not in Debian
CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
NOT-FOR-US: PPP Access Concentrator
CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
@@ -42334,7 +42333,7 @@
CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before ...)
NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 ...)
- TODO: check
+ NOT-FOR-US: Eye-Fi Helper
CVE-2010-5075
RESERVED
CVE-2012-0785 [Jenkins and hash collision attack]