[Secure-testing-commits] r26183 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Mar 20 06:26:55 UTC 2014
Author: jmm
Date: 2014-03-20 06:26:51 +0000 (Thu, 20 Mar 2014)
New Revision: 26183
Modified:
data/CVE/list
Log:
mediawiki unimportant
reflect pidgin end-of-life status for recent issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-19 22:35:52 UTC (rev 26182)
+++ data/CVE/list 2014-03-20 06:26:51 UTC (rev 26183)
@@ -2083,9 +2083,9 @@
RESERVED
CVE-2014-1686
RESERVED
- - mediawiki <undetermined>
+ - mediawiki <unfixed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2014/Mar/102
- TODO: check
+ NOTE: path disclosure not an issue
CVE-2014-1685
RESERVED
- zabbix 1:2.2.2+dfsg-1
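Review bot: The replacement NOTE on CVE-2014-1686, "path disclosure not an issue", states the conclusion without the reasoning, and the entry is still RESERVED with no description, so a reader has only the seclists link to work from. Suggest expanding the note to say which part of the linked report is being classified and why it does not warrant more than "(unimportant)", so the rating can be re-checked once the CVE description is published.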
@@ -6602,7 +6602,6 @@
CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...)
- socat 1.7.2.3-1 (low; bug #736993)
[squeeze] - socat <no-dsa> (Minor issue)
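Review bot: At CVE-2014-0020 the "[squeeze] - pidgin <end-of-life>" line is removed with nothing in its place, so the squeeze status is now implied by "- pidgin 2.10.8-1" rather than stated. Other entries in this commit get an explicit reason ("Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE"); a short NOTE here that the IRC plugin stays supported in squeeze would make the removal self-explanatory to someone reading this entry alone.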
@@ -7716,55 +7715,50 @@
CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6488
REJECTED
CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
{DSA-2859-1 DSA-2852-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
- libgadu 1:1.11.3-1
CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted ...)
- pidgin <not-affected> (Windows-specific)
CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter ...)
- python-libcloud <not-affected> (affects 0.12.3 to 0.13.3)
NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before ...)
{DSA-2859-1}
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-6476
RESERVED
{DSA-2876-1 DSA-2875-1}
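Review bot: The reason text added to CVE-2013-6478 and CVE-2013-6484 does not obviously match those entries: the descriptions name gtkimhtml.c and the STUN implementation in libpurple, neither of which is one of the unsupported protocol plugins, yet both get "Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE". By contrast the util.c entries (CVE-2013-6485, CVE-2013-6479) have the end-of-life line removed. If these two are only reachable through an unsupported protocol, say so in a NOTE; otherwise they look like they should be treated the same way as the util.c entries.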
@@ -24863,18 +24857,17 @@
CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly ...)
- pidgin 2.10.6-3
NOTE: http://www.pidgin.im/news/security/?id=68
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=67
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
- pidgin 2.10.6-3
NOTE: http://pidgin.im/news/security/?id=66
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
- pidgin 2.10.6-3
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
- keystone 2013.1.1-2
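Review bot: Removing the "[squeeze] - pidgin <end-of-life>" line from CVE-2013-0273 leaves the Sametime issue with only "- pidgin 2.10.6-3" and, unlike the 2.10.8 entries, no DSA reference on the entry, so squeeze goes from closed to implicitly open with no record of what is planned. Suggest adding an explicit squeeze line (a fixed version, or a "<no-dsa>" with reason) in the same commit. Separately, in CVE-2013-0271 the "[squeeze]" line sits above the NOTE while the neighbouring entries put it below; keeping one order would make these blocks easier to scan.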
@@ -25739,7 +25732,7 @@
RESERVED
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
- pidgin 2.10.8-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
- net-snmp <unfixed> (low; bug #731625)
[wheezy] - net-snmp <no-dsa> (Minor issue)