[Secure-testing-commits] r26300 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Mar 27 21:14:10 UTC 2014
Author: joeyh
Date: 2014-03-27 21:14:10 +0000 (Thu, 27 Mar 2014)
New Revision: 26300
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-27 19:42:16 UTC (rev 26299)
+++ data/CVE/list 2014-03-27 21:14:10 UTC (rev 26300)
@@ -8411,6 +8411,7 @@
[wheezy] - pywbem <no-dsa> (Minor issue)
NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
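Review bot: The log message "automatic update" does not name the advisory behind the `{DSA-2888-1}` line added under CVE-2013-6417. The same tag is added to several other Rails entries in this revision, so a log such as "automatic update: cross-reference DSA-2888-1" would make the commit searchable by advisory without opening the diff.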
@@ -8425,6 +8426,7 @@
- rails <not-affected> (vulnerable code not present)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -8432,6 +8434,7 @@
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -13185,6 +13188,7 @@
- libi18n-ruby <removed>
[squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...)
+ {DSA-2888-1}
- rails-4.0 4.0.2+dfsg-1 (bug #731290)
- rails-3.2 3.2.16-3+0
- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
@@ -13529,6 +13533,7 @@
CVE-2013-4390 (Open redirect vulnerability in the AbstractAuthenticationFormServlet ...)
NOT-FOR-US: Apache Sling
CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in ...)
+ {DSA-2888-1 DSA-2887-1}
- rails-4.0 <not-affected> (Only affects 3.x)
- ruby-actionmailer-3.2 3.2.16-1 (bug #726576)
- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
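Review bot: The tag added under CVE-2013-4389 names two advisories, `{DSA-2888-1 DSA-2887-1}`, but of the three package lines visible in this hunk only `ruby-actionmailer-3.2` carries a fixed version. `rails-4.0` and `ruby-actionmailer-2.3` are both `<not-affected>`. It is worth confirming against both advisories which source package each one covers, so that neither reference is attached to this CVE by mistake.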
@@ -130471,9 +130476,9 @@
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
{DSA-1074-1}
- mpg123 0.59r-22 (bug #361863)
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
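Review bot: The three removed `mp3gain` lines under CVE-2006-1655 and the three added ones read identically as shown, so this hunk appears to change whitespace only, which the "automatic update" log does not mention. The same pattern recurs in the later mpg123 hunks. Consider committing whitespace normalization separately from the DSA cross-reference additions, so that annotate history for these entries points at the revision that set their content.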
@@ -151314,9 +151319,9 @@
NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
- mpg123 0.59r-19
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
@@ -151800,9 +151805,9 @@
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
{DSA-564-1}
- mpg123 0.59r-16
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
{DSA-567-1}
- kdegraphics 3.3.2-1
@@ -154568,9 +154573,9 @@
NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
- mpg123 0.59r-1
- - mp3gain 1.5.2-r2-6 (low)
- [wheezy] - mp3gain <no-dsa> (Minor issue)
- [squeeze] - mp3gain <no-dsa> (Minor issue)
+ - mp3gain 1.5.2-r2-6 (low)
+ [wheezy] - mp3gain <no-dsa> (Minor issue)
+ [squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)