[Secure-testing-commits] r26141 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Mar 17 07:47:56 UTC 2014


Author: jmm
Date: 2014-03-17 07:47:56 +0000 (Mon, 17 Mar 2014)
New Revision: 26141

Modified:
   data/CVE/list
Log:
new gd2 issue / update php status
several moodle not-affected
add temp entry for moodle issues needing CVE IDs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-17 06:58:49 UTC (rev 26140)
+++ data/CVE/list	2014-03-17 07:47:56 UTC (rev 26141)
@@ -1,8 +1,19 @@
+CVE-2014-XXXX [MSA-14-0004: Incorrect filtering in Quiz]
+	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
+CVE-2014-XXXX [MSA-14-0008: Cross site scripting potential in Flowplayer]
+	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
+CVE-2014-XXXX [MSA-14-0013: Unfiltered data used in Assignment web services]
+	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 CVE-2014-2497 [gd: NULL pointer dereference may cause denial of service]
-	- php5 <undetermined>
+	- php5 <unfixed>
 	[wheezy] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
 	[squeeze] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
-	TODO: check unstable
+	- libgd2 <unfixed> (low)
+	[squeeze] - libgd2 <no-dsa> (Minor issue)
+	[wheezy] - libgd2 <no-dsa> (Minor issue)
 	NOTE: http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/
 CVE-2014-2496
 	RESERVED
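Review bot: In the CVE-2014-2497 entry, php5 moves from <undetermined> to <unfixed> and "TODO: check unstable" is dropped, but nothing records what the check found, while the wheezy and squeeze lines directly below say imagecreatefromxpm is not in the gd extension they use. A short NOTE stating why the unstable php5 is affected would keep the three php5 lines understandable to a later reader. Separately, the three CVE-2014-XXXX moodle entries carry no NOTE with an upstream reference, unlike the existing moodle entries further down in this file; one per MSA would make them easier to match once IDs are assigned.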
@@ -6115,6 +6126,7 @@
 CVE-2014-0129
 	RESERVED
 	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
 CVE-2014-0128 [Denial of Service in SSL-Bump]
 	RESERVED
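Review bot: The squeeze line added under CVE-2014-0129 gives only "(Vulnerable code not present)", the same reason used for every moodle entry touched in this commit, so the result cannot be rechecked without redoing the analysis. Consider naming the feature or file that is missing in the squeeze version, in the style of the CVE-2014-2497 reason "(imagecreatefromxpm function not in used gd extension)".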
@@ -6125,6 +6137,7 @@
 CVE-2014-0127
 	RESERVED
 	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
 CVE-2014-0126
 	RESERVED
@@ -6133,18 +6146,22 @@
 CVE-2014-0125
 	RESERVED
 	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
 CVE-2014-0124
 	RESERVED
 	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
 CVE-2014-0123
 	RESERVED
 	- moodle 2.6.2-1
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
+	NOTE: squeeze version unaffected due to lack of fine-grained access control?
 CVE-2014-0122
 	RESERVED
 	- moodle 2.6.2-1
+	[squeeze] - moodle <not-affected> (Vulnerable code not present)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
 CVE-2014-0121
 	RESERVED
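Review bot: CVE-2014-0123 is the only moodle entry in this hunk left without a "[squeeze] - moodle" status line, and the NOTE added for it ends in a question mark, so an open question is being recorded as a NOTE. The line removed from CVE-2014-2497 earlier in this diff ("TODO: check unstable") shows the file's marker for pending checks; suggest "TODO: check squeeze" with the access-control remark until it is confirmed, then replace it with a status line like the neighbouring entries.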



