[Secure-testing-commits] r26083 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 12 14:08:15 UTC 2014


Author: jmm
Date: 2014-03-12 14:08:15 +0000 (Wed, 12 Mar 2014)
New Revision: 26083

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
libxstream-java fixed
dsa needed for asterisk
claws unimportant
plsh no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-12 12:43:39 UTC (rev 26082)
+++ data/CVE/list	2014-03-12 14:08:15 UTC (rev 26083)
@@ -9,8 +9,9 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086293542b991fb88a2e41ae7b4f82ac65a20e1a
 	TODO: check
 CVE-2014-XXXX [claws-mail vcalendar plugin stores user/password in cleartext]
-	- claws-mail <unfixed>
+	- claws-mail <unfixed> (unimportant)
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
+	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12338
 CVE-2014-2319 [unknown vendor: use of "legacy" ZIP encryption even when AES is requested]
 	TODO: check
 	NOTE: http://seclists.org/oss-sec/2014/q1/550
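
Review bot: The "(unimportant)" tag added to the claws-mail line has no rationale recorded in the entry itself. The only supporting material is the bare gmane link added two lines below. A one-line NOTE stating why cleartext storage of the vcalendar user/password is rated unimportant would let a later reader confirm the triage without following the link, and would still be there if the archive URL stops resolving.
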
@@ -3329,7 +3330,7 @@
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2013-7285 [remote code execution via deserialization in XStream]
 	RESERVED
-	- libxstream-java <unfixed> (bug #734821)
+	- libxstream-java 1.4.7-1 (bug #734821)
 	NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
 	NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
 	NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
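
Review bot: The libxstream-java line now records 1.4.7-1 as fixed, but the last NOTE in the entry still points only at an "initial patch" (changeset 2210). For a deserialization RCE it is worth adding a NOTE that names the upstream release or changeset that completes the fix, so anyone assessing or backporting to another release knows what to pick rather than stopping at the initial patch.
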
@@ -5966,6 +5967,8 @@
 	- postgresql-8.4 <removed>
 	- postgresql-9.3 9.3.3-1
 	- postgresql-plsh 1.20140221-1
+	[wheezy] - postgresql-plsh <no-dsa> (Minor issue)
+	[squeeze] - postgresql-plsh <no-dsa> (Minor issue)
 CVE-2014-0060
 	RESERVED
 	{DSA-2865-1 DSA-2864-1}
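
Review bot: Both added postgresql-plsh lines for wheezy and squeeze give only the generic "(Minor issue)" as the no-dsa reason, while the postgresql packages listed just above in the same entry carry fixed versions. A short NOTE saying what makes the issue minor for plsh specifically would make the no-dsa decision reviewable and easier to revisit at the next point release.
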

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-03-12 12:43:39 UTC (rev 26082)
+++ data/dsa-needed.txt	2014-03-12 14:08:15 UTC (rev 26083)
@@ -12,6 +12,7 @@
 If needed, specify the release by adding a slash after the name of the source package.
 
 
+asterisk
 --
 cups/oldstable (jmm)
 --
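
Review bot: The added "asterisk" line has neither a release suffix nor a name in parentheses, unlike the neighbouring "cups/oldstable (jmm)", and the file's own header asks for the release to be specified with a slash where needed. If the pending DSA applies to only one release, write it as "asterisk/<release>" so the scope is clear to whoever picks it up.
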



