[Secure-testing-commits] r26121 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-03-14 13:37:27 +0000 (Fri, 14 Mar 2014)
New Revision: 26121

Modified:
   data/CVE/list
Log:
pen, mp3gain no-dsa
add some missing qemu no-dsas


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-14 12:55:18 UTC (rev 26120)
+++ data/CVE/list	2014-03-14 13:37:27 UTC (rev 26121)
@@ -8,7 +8,9 @@
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
 	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12338
 CVE-2014-2387 [pen: insecure temporary filename]
-	- pen <unfixed> (bug #741370)
+	- pen <unfixed> (low; bug #741370)
+	[squeeze] - pen <no-dsa> (Minor issue)
+	[wheezy] - pen <no-dsa> (Minor issue)
 CVE-2014-2386 [icinga: small buffer overflows when checking strlen against MAX_INPUT_BUFFER]
 	- icinga 1.11.0-1
 CVE-2014-2325
@@ -514,7 +516,9 @@
 	NOTE: http://sourceforge.net/p/net-snmp/mailman/message/32026655/
 	NOTE: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
 CVE-2014-XXXX [buffer overflow]
-	- mp3gain <unfixed> (bug #740268)
+	- mp3gain <unfixed> (low; bug #740268)
+	[squeeze] - mp3gain <no-dsa> (Minor issue)
+	[wheezy] - mp3gain <no-dsa> (Minor issue)
 	NOTE: http://sourceforge.net/p/mp3gain/bugs/36/
 CVE-2014-2270 [crashes when checking softmagic for some corrupt PE executables]
 	RESERVED
@@ -13454,20 +13458,28 @@
 	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
 CVE-2013-4151
 	RESERVED
-	- qemu <unfixed> (bug #739589)
-	- qemu-kvm <removed>
+	- qemu <unfixed> (low; bug #739589)
+	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
+	- qemu-kvm <removed> (low)
+	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 CVE-2013-4150
 	RESERVED
-	- qemu <unfixed> (bug #739589)
-	- qemu-kvm <removed>
+	- qemu <unfixed> (low; bug #739589)
+	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
+	- qemu-kvm <removed> (low)
+	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 CVE-2013-4149
 	RESERVED
-	- qemu <unfixed> (bug #739589)
-	- qemu-kvm <removed>
+	- qemu <unfixed> (low; bug #739589)
+	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
+	- qemu-kvm <removed> (low)
+	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 CVE-2013-4148
 	RESERVED
-	- qemu <unfixed> (bug #739589)
-	- qemu-kvm <removed>
+	- qemu <unfixed> (low; bug #739589)
+	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
+	- qemu-kvm <removed> (low)
+	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
 CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon ...)
 	- yardradius <unfixed> (low; bug #714612)
 	[squeeze] - yardradius <no-dsa> (Minor issue)