[Secure-testing-commits] r26102 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Mar 13 15:18:12 UTC 2014


Author: jmm
Date: 2014-03-13 15:18:12 +0000 (Thu, 13 Mar 2014)
New Revision: 26102

Modified:
   data/CVE/list
Log:
cleanup some non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-13 15:15:57 UTC (rev 26101)
+++ data/CVE/list	2014-03-13 15:18:12 UTC (rev 26102)
@@ -24,7 +24,7 @@
 CVE-2014-2320
 	TODO: check
 CVE-2014-2319 [unknown vendor: use of "legacy" ZIP encryption even when AES is requested]
-	TODO: check
+	NOTE: Non issue
 	NOTE: http://seclists.org/oss-sec/2014/q1/550
 CVE-2014-2312 [thermald: insecure tmp file]
 	RESERVED
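Review bot: On the CVE-2014-2319 entry, the replacement line "NOTE: Non issue" states no reason and leaves the entry with only NOTE lines and no status line, so a later reader cannot tell whether it was triaged as "not in Debian" or as "not a vulnerability". The bracketed description says "unknown vendor"; if no Debian package is affected, a status line in the NOT-FOR-US form used for CVE-2014-0980 further down this file would record that, and otherwise the note should carry a one-line rationale next to the oss-sec link.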
@@ -200,7 +200,6 @@
 	- freetype <unfixed> (bug #741299)
 	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
 	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
-	TODO: check
 	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
 	NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
 CVE-2014-2240
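Review bot: In the freetype entry above CVE-2014-2240, "TODO: check" is removed while the last note still ends with "if I understood it right", so the entry now reads as fully triaged but keeps an open hedge about the savannah reference. Either confirm the comment link and drop the hedge in the same change, or leave the TODO in place until that is done.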
@@ -208,7 +207,6 @@
 	- freetype <unfixed> (bug #741299)
 	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
 	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
-	TODO: check
 	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
 	NOTE: https://savannah.nongnu.org/bugs/?41697#comment0
 CVE-2014-2239
@@ -584,9 +582,6 @@
 	- catfish 1.0.1-1 (low; bug #739958)
 	[squeeze] - catfish <no-dsa> (Minor issue)
 	[wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2013-XXXX [hexchat: local overflow]
-	- hexchat 2.9.6.1-1
-	NOTE: https://github.com/hexchat/hexchat/commit/8996baa35ee12556a7bf402e3568193dbafec5f1
 CVE-2014-2086
 	RESERVED
 CVE-2014-2085
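Review bot: The hexchat entry is deleted outright, which discards the fixed version (2.9.6.1-1) and the upstream commit link, and the log message "cleanup some non-issues" does not say why a local overflow with a recorded fix counts as a non-issue. Consider keeping the entry with a NOTE giving the reason, or naming the hexchat entry and the rationale in the commit log so the decision can be traced later.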
@@ -1338,10 +1333,6 @@
 	NOTE: http://www.hdwsec.fr/blog/mupdf.html
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
 	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
-CVE-2013-XXXX [drop privileges when effective uid != uid]
-	- dash <unfixed> (unimportant; bug #734869)
-	- bash <unfixed> (unimportant; bug #734866)
-	NOTE: Hardening, not a vulnerability, no CVE needed
 CVE-2013-XXXX [clamav: double-free error libclamunrar_iface/unrar_iface.c]
 	- clamav 0.97.7+dfsg-1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
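Review bot: Removing the dash/bash entry matches its own note ("Hardening, not a vulnerability, no CVE needed"), but the deletion also drops the only pointers to bugs #734869 and #734866 from this file. If those bugs are still tracked as hardening requests, mention them in the commit log so the history shows where the discussion continues.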
@@ -2857,19 +2848,19 @@
 	RESERVED
 	- virtualbox <unfixed>
 	- virtualbox-ose <removed>
-	NOTE: http://www.coresecurity.com/content/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
+	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
 	TODO: check
 CVE-2014-0982
 	RESERVED
 	- virtualbox <unfixed>
 	- virtualbox-ose <removed>
-	NOTE: http://www.coresecurity.com/content/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
+	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
 	TODO: check
 CVE-2014-0981
 	RESERVED
 	- virtualbox <unfixed>
 	- virtualbox-ose <removed>
-	NOTE: http://www.coresecurity.com/content/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
+	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
 	TODO: check
 CVE-2014-0980 (Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote ...)
 	NOT-FOR-US: Publish-It
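Review bot: The three virtualbox lines (CVE-2014-0981 to CVE-2014-0983 region) change the advisory URL path from /content/ to /advisories/, which is a reference fix and not covered by the log message "cleanup some non-issues". Either split it into its own commit or mention the URL update in the log; the entries themselves still carry "TODO: check", so it should be clear they were not triaged here.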