[Secure-testing-commits] r26310 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Mar 28 08:00:23 UTC 2014 

Author: jmm
Date: 2014-03-28 08:00:22 +0000 (Fri, 28 Mar 2014)
New Revision: 26310

Modified:
   data/CVE/list
Log:
new kernel issue
fix rails entries for oldstable
various openstack no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-28 07:29:38 UTC (rev 26309)
+++ data/CVE/list	2014-03-28 08:00:22 UTC (rev 26310)
@@ -1331,6 +1331,7 @@
 CVE-2014-2237 [Trustee token revocation does not work with memcache backend]
 	RESERVED
 	- keystone <unfixed>
+	[wheezy] - keystone <no-dsa> (Minor issue)
 	NOTE: https://launchpad.net/bugs/1260080
 CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot before ...)
 	- askbot <itp> (bug #687966)
@@ -6818,6 +6819,8 @@
 	RESERVED
 CVE-2014-0077
 	RESERVED
+	- linux <unfixed>
+	- linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does ...)
 	- openssl <unfixed>
 	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
@@ -8425,7 +8428,7 @@
 	- rails-3.2 3.2.16-3+0
 	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
-	- rails 2.3.14.1
+	- rails <not-affected> (vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 	NOTE: CVE for incomplete fix for CVE-2013-0155
 CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format helper ...)
@@ -8440,7 +8443,7 @@
 	- rails-3.2 3.2.16-3+0
 	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
 	- ruby-actionpack-2.3 <removed> (bug #731289)
-	- rails 2.3.14.1
+	- rails <not-affected> (vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
 CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
 	{DSA-2888-1}
@@ -19030,6 +19033,7 @@
 	RESERVED
 	- cinder <unfixed>
 	- keystone <unfixed>
+	[wheezy] - keystone <no-dsa> (Minor issue)
 	- nova <unfixed>
 	- quantum <unfixed>
 	- swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
@@ -19883,6 +19887,7 @@
 	- qemu-kvm <not-affected> (qemu guest agent introduced in 1.4)
 CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode ...)
 	- keystone <unfixed>
+	[wheezy] - keystone <no-dsa> (Minor issue)
 	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
 	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
 CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the ...)

More information about the Secure-testing-commits mailing list