[Secure-testing-commits] r26255 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 26 13:53:58 UTC 2014
Author: jmm
Date: 2014-03-26 13:53:58 +0000 (Wed, 26 Mar 2014)
New Revision: 26255
Modified:
data/CVE/list
Log:
smb4k no-dsa
update claws plugin issue (no-dsa)
owncloud fixed
vlc unimportant
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-26 12:56:02 UTC (rev 26254)
+++ data/CVE/list 2014-03-26 13:53:58 UTC (rev 26255)
@@ -280,17 +280,16 @@
CVE-2014-2498
RESERVED
CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before ...)
- - owncloud <unfixed>
- TODO: check
+ - owncloud 5.0.3+dfsg-1
CVE-2013-7343 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
- TODO: check
- NOTE: moodle?
+ NOT-FOR-US: Flowplayer
+ NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7342 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
- TODO: check
- NOTE: moodle?
+ NOT-FOR-US: Flowplayer
+ NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7340 (VideoLAN VLC Media Player before 2.0.7 allows remote attackers to ...)
- - vlc <unfixed>
- TODO: check
+ - vlc <unfixed> (unimportant)
+ NOTE: No security impact
CVE-2013-7337
RESERVED
CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller ...)
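Review bot: In the CVE-2013-7343 and CVE-2013-7342 entries, `NOT-FOR-US: Flowplayer` sits directly above a NOTE saying the file is present in the source of some Moodle packages, so the two lines pull in opposite directions: the CVEs are declared out of scope while an embedded copy in the archive is acknowledged. Consider tracking these against moodle with #736800 as the bug reference, or stating in the NOTE whether the embedded flowplayer.swf is actually shipped, so the entry cannot be read as "nothing in Debian is affected". Separately, `NOTE: No security impact` under CVE-2013-7340 gives no reason or reference, while the description still reads "allows remote attackers to ..."; a short rationale would make the unimportant rating reviewable.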
@@ -324,12 +323,19 @@
NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
CVE-2014-2581 [credentials cache leak]
RESERVED
- - smb4k <unfixed>
+ - smb4k <unfixed> (low)
+ [wheezy] - smb4k <no-dsa> (Minor issue)
+ [squeeze] - smb4k <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/
CVE-2014-2576 [claws-mail rssyl plugin does not verify SSL peer at all]
RESERVED
- - claws-mail <unfixed>
+ - claws-mail <unfixed> (bug #742695)
+ [wheezy] - claws-mail <not-affected> (rssyl plugin in separate source package)
+ [squeeze] - claws-mail <not-affected> (rssyl plugin in separate source package)
NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
+ - claws-mail-extra-plugins <removed>
+ [squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
+ [wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
CVE-2014-2573 [nova: VMWare driver leaks rescued images]
RESERVED
- nova <unfixed>
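Review bot: In the CVE-2014-2576 entry the new `claws-mail-extra-plugins` lines are appended after the existing NOTE URL, which splits the package status lines into two groups, and they list `[squeeze]` before `[wheezy]` while the claws-mail and smb4k lines added in the same hunk list `[wheezy]` first. Suggest moving the three claws-mail-extra-plugins lines above the NOTE and using one release order throughout. The `<removed>` status also carries no bug reference, unlike `- claws-mail <unfixed> (bug #742695)`; if a removal bug exists, it is worth citing.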
@@ -1457,13 +1463,11 @@
CVE-2014-2050
RESERVED
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...)
- - owncloud <unfixed>
- TODO: check
+ - owncloud 6.0.0+dfsg-1
CVE-2014-2048
RESERVED
CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is ...)
- - owncloud <unfixed>
- TODO: check
+ - owncloud 6.0.2+dfsg-1
CVE-2014-2046
RESERVED
CVE-2014-2045
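Review bot: For CVE-2014-2049 the `TODO: check` is dropped and `6.0.0+dfsg-1` is recorded as the fixed version, but the visible description names "before 5.0.15 and ..." with the second bound truncated, so the choice of 6.0.0 cannot be checked from the entry itself. A one-line NOTE pointing at the upstream advisory or the fixed upstream release would document it. The same applies to CVE-2014-2047, where `6.0.2+dfsg-1` does line up with "before 6.0.2" but no source is given.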