[Secure-testing-commits] r26230 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Mar 25 04:36:57 UTC 2014
Author: jmm
Date: 2014-03-25 04:35:01 +0000 (Tue, 25 Mar 2014)
New Revision: 26230
Modified:
data/CVE/list
Log:
spring fixed
clean up some rejected issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-24 19:56:11 UTC (rev 26229)
+++ data/CVE/list 2014-03-25 04:35:01 UTC (rev 26230)
@@ -21,7 +21,6 @@
CVE-2014-2568 [linux: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied]
- linux <unfixed>
- linux-2.6 <removed>
- TODO: check
NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421
CVE-2014-2567 [SSL stripping vulnerability]
NOT-FOR-US: Trojita
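Review bot: The removal of "TODO: check" under CVE-2014-2568 is not covered by the log message, which only mentions spring and the rejected issues; please mention the kernel triage there. The entry still lists linux as <unfixed>, so dropping the TODO does not change the tracked status. While this entry is being touched, "Upstream path:" in the NOTE line reads like a typo for "patch".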
@@ -416,10 +415,9 @@
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
NOT-FOR-US: Atlassian JIRA
CVE-2013-7339 [rds: prevent dereference of a NULL device]
- - linux 3.13.4-1
+ - linux 3.13-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
- TODO: check linux-2.6
CVE-2013-7336 [libvirt: unprivileged user can crash libvirtd during spice migration]
- libvirt 1.1.4-1
NOTE: http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
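Review bot: The fixed version for CVE-2013-7339 moves backwards, from 3.13.4-1 to 3.13-1, and nothing in the entry explains why. Add a NOTE naming the upstream release that first contains commit c2349758acf1874e4c2b93fe41d072336f1a31d0 so the earlier version can be verified. Neither this change nor the removal of "TODO: check linux-2.6" is mentioned in the log message.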
@@ -1469,7 +1467,7 @@
RESERVED
CVE-2014-1904
RESERVED
- - libspring-java <unfixed> (bug #741604)
+ - libspring-java 3.0.6.RELEASE-13 (bug #741604)
NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
- freepbx <itp> (bug #464926)
@@ -6571,7 +6569,7 @@
RESERVED
CVE-2014-0054
RESERVED
- - libspring-java <unfixed> (bug #741604)
+ - libspring-java 3.0.6.RELEASE-13 (bug #741604)
CVE-2014-0053
RESERVED
NOT-FOR-US: Grails
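Review bot: CVE-2014-0054 receives the same fixed version and bug (#741604) as CVE-2014-1904 but, unlike that entry, carries no NOTE with an upstream reference. Add one so a reader can confirm that 3.0.6.RELEASE-13 addresses both IDs rather than only the one with the advisory link.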
@@ -8233,11 +8231,6 @@
NOTE: http://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914
CVE-2013-6379
REJECTED
- - linux-2.6 <not-affected> (Vulnerable driver not yet present)
- - linux 3.11.8-1 (unimportant)
- [wheezy] - linux <not-affected> (Vulnerable driver not yet present)
- NOTE: http://git.kernel.org/linus/c2c65cd2e14ada6de44cb527e7f1990bede24e15
- NOTE: Driver not activated, only in staging
CVE-2013-6378 (The lbs_debugfs_write function in ...)
- linux-2.6 <removed> (low)
- linux 3.11.10-1 (low)
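Review bot: The lines removed under CVE-2013-6379 are the only record in this entry of the fixing commit (c2c65cd2e14ada6de44cb527e7f1990bede24e15) and of the fixed version 3.11.8-1. If the issue is now tracked under another ID, that entry should hold this data; the hunk does not show it, so please confirm before the information is dropped.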
@@ -9977,7 +9970,6 @@
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5689 [Arbitrary File Upload]
REJECTED
- - ajaxplorer <itp> (bug #668381)
CVE-2013-5688 (Multiple directory traversal vulnerabilities in index.php in ...)
- ajaxplorer <itp> (bug #668381)
CVE-2013-5675
@@ -10336,9 +10328,8 @@
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media ...)
- joomla <itp> (bug #571794)
-CVE-2013-5575 [integer overflow]
+CVE-2013-5575
REJECTED
- NOTE: Non-issue, to be rejected
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5567
@@ -13154,7 +13145,6 @@
NOT-FOR-US: Cumin
CVE-2013-4403
REJECTED
- NOTE: rejected
CVE-2013-4402 (The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x ...)
{DSA-2774-1 DSA-2773-1}
- gnupg2 2.0.22-1 (bug #725433)
@@ -13349,10 +13339,6 @@
NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349 [IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow]
REJECTED
- {DSA-2768-1}
- - icedtea-web 1.4-3.1 (bug #723118)
- NOTE: issues CVE-2012-4540 not fixed in 1.4 branch
- NOTE: Patch: http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the ...)
- linux 3.11.6-2
- linux-2.6 <not-affected> (Introduced in 3.2)
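Review bot: Removing "{DSA-2768-1}" and the icedtea-web 1.4-3.1 line from CVE-2013-4349 leaves no visible entry that ties that DSA and bug #723118 to a CVE. If the advisory is now attributed to a different ID, check that the other entry carries the DSA cross-reference and the patch NOTE; otherwise the released advisory loses its tracker mapping.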
@@ -13667,8 +13653,6 @@
- nas 1.9.3-6 (bug #720287)
CVE-2013-4257 [Heap Overflow]
REJECTED
- {DSA-2771-1}
- - nas 1.9.3-6 (bug #720287)
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio ...)
{DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
@@ -14059,7 +14043,6 @@
NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
CVE-2013-4142
REJECTED
- NOTE: Should be REJECTED, see CVE-2013-3969
CVE-2013-4141
REJECTED
CVE-2013-4140 (Cross-site scripting (XSS) vulnerability in the TinyBox (Simple ...)
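Review bot: The NOTE removed from CVE-2013-4142 holds the only pointer to CVE-2013-3969. The "Should be REJECTED" wording is obsolete now, but consider keeping the cross-reference, e.g. "NOTE: see CVE-2013-3969", so that someone looking up the rejected ID still finds the related one.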
@@ -15341,7 +15324,6 @@
NOT-FOR-US: Dahua DVR
CVE-2013-3611
REJECTED
- NOT-FOR-US: NETELLER Direct Payment API
CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before ...)
NOT-FOR-US: ASUS router
CVE-2013-3609 (The web interface in the Intelligent Platform Management Interface ...)
@@ -19249,8 +19231,6 @@
[wheezy] - w3af <no-dsa> (Minor issue)
CVE-2013-2098
REJECTED
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/16/5
- NOTE: This ID is solely for the backport, CVE-2013-2099 is for standard Python
CVE-2013-2097 [zPanel themes remote command execution as root]
RESERVED
NOT-FOR-US: zPanel
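Review bot: The two NOTE lines dropped from CVE-2013-2098 explain that the ID was assigned solely for the backport and that CVE-2013-2099 covers standard Python. After this change the entry says only REJECTED, so keep at least the pointer to CVE-2013-2099 unless that entry already documents the relationship.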
@@ -24743,8 +24723,6 @@
NOTE: this is initially related to #700669
CVE-2013-0341 [external entity expansion]
REJECTED
- - expat <unfixed> (unimportant)
- NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion ...)
- expat <unfixed> (unimportant)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
@@ -36454,7 +36432,7 @@
[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...)
- pidgin 2.10.4-1
- [squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
+ [squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...)
- php5 5.3.6-1 (bug #581170)
[squeeze] - php5 5.3.3-7+squeeze4
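Review bot: The reworded end-of-life reason for pidgin in squeeze (CVE-2012-2318) is unrelated to either item in the log message and would be easier to track as its own commit, or at least mentioned in the log. The new text also drops the statement that updated packages are provided through backports; if that is still true, keep it alongside the list of supported protocols.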