[Secure-testing-commits] r26183 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Mar 20 06:26:55 UTC 2014 

Author: jmm
Date: 2014-03-20 06:26:51 +0000 (Thu, 20 Mar 2014)
New Revision: 26183

Modified:
   data/CVE/list
Log:
mediawiki unimportant
reflect pidgin end-of-life status for recent issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-19 22:35:52 UTC (rev 26182)
+++ data/CVE/list	2014-03-20 06:26:51 UTC (rev 26183)
@@ -2083,9 +2083,9 @@
 	RESERVED
 CVE-2014-1686
 	RESERVED
-	- mediawiki <undetermined>
+	- mediawiki <unfixed> (unimportant)
 	NOTE: http://seclists.org/fulldisclosure/2014/Mar/102
-	TODO: check
+	NOTE: path disclosure not an issue
 CVE-2014-1685
 	RESERVED
 	- zabbix 1:2.2.2+dfsg-1
@@ -6602,7 +6602,6 @@
 CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...)
 	- socat 1.7.2.3-1 (low; bug #736993)
 	[squeeze] - socat <no-dsa> (Minor issue)
@@ -7716,55 +7715,50 @@
 CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-6488
 	REJECTED
 CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
 	{DSA-2859-1 DSA-2852-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 	- libgadu 1:1.11.3-1
 CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted ...)
 	- pidgin <not-affected> (Windows-specific)
 CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter ...)
 	- python-libcloud <not-affected> (affects 0.12.3 to 0.13.3)
 	NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
 CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before ...)
 	{DSA-2859-1}
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-6476
 	RESERVED
 	{DSA-2876-1 DSA-2875-1}
@@ -24863,18 +24857,17 @@
 CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly ...)
 	- pidgin 2.10.6-3
 	NOTE: http://www.pidgin.im/news/security/?id=68
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin ...)
 	- pidgin 2.10.6-3
 	NOTE: http://pidgin.im/news/security/?id=67
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
 CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
 	- pidgin 2.10.6-3
 	NOTE: http://pidgin.im/news/security/?id=66
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
 	- pidgin 2.10.6-3
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 	NOTE: http://pidgin.im/news/security/?id=65
 CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
 	- keystone 2013.1.1-2
@@ -25739,7 +25732,7 @@
 	RESERVED
 CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
 	- pidgin 2.10.8-1
-	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
 	- net-snmp <unfixed> (low; bug #731625)
 	[wheezy] - net-snmp <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list