[Secure-testing-commits] r26369 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 31 05:43:40 UTC 2014
Author: jmm
Date: 2014-03-31 05:43:40 +0000 (Mon, 31 Mar 2014)
New Revision: 26369
Modified:
data/CVE/list
Log:
ppc issue introduced in 3.4
vlc unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-31 05:30:22 UTC (rev 26368)
+++ data/CVE/list 2014-03-31 05:43:40 UTC (rev 26369)
@@ -1,14 +1,13 @@
CVE-2014-2673 [error in the "arch_dup_task_struct()" function]
- linux 3.13.7-1
- - linux-2.6 <removed>
+ [wheezy] - linux <not-affected> (Introduced in 3.4)
+ - linux-2.6 <not-affected> (Introduced in 3.4)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291
- TODO: check when introduced
NOTE: only affects powerpc architecture
CVE-2014-2672 [race condition error in the "ath_tx_aggr_sleep()" function]
- linux 3.13.7-1
- linux-2.6 <removed>
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
- TODO: check for older releases
CVE-2014-2669 [postgresql: multiple integer overflows in hstore_io.c]
{DSA-2865-1}
- postgresql-9.1 <removed>
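Review bot: The CVE-2014-2672 entry loses its "TODO: check for older releases" line, but nothing in the entry records a result: linux-2.6 stays at <removed>, no [wheezy] line is added, and the log message only mentions the ppc issue and vlc. Either keep the TODO until the ath9k code in older releases has been checked, or add the finding in the same form as the CVE-2014-2673 entry above it, e.g. "[wheezy] - linux <not-affected> (...)" with the reason. For CVE-2014-2673 itself, a NOTE naming the commit that introduced the problem would let the "Introduced in 3.4" claim be verified later.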
@@ -23,7 +22,9 @@
- python3.2 <removed>
- python3.3 <unfixed>
- python3.4 <unfixed>
- TODO: does only affect 3.x, check all versions
+ - python2.5 <not-affected> (Only affects Python 3.x)
+ - python2.6 <not-affected> (Only affects Python 3.x)
+ - python2.7 <not-affected> (Only affects Python 3.x)
CVE-2014-XXXX [Login csrf in Special:ChangePassword]
- mediawiki 1:1.19.14+dfsg-1 (bug #742857)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
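Review bot: The three added python2.x lines replace a TODO that asked to "check all versions", but the only justification is the parenthetical "Only affects Python 3.x", with no reference visible in the hunk. A NOTE line pointing at the upstream report or commit that shows the affected code is absent from 2.x would make the <not-affected> status checkable, and would also document that the 3.x packages listed above were the only ones needing review.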
@@ -2537,9 +2538,8 @@
RESERVED
- zabbix 1:2.2.2+dfsg-1
CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
- - vlc <unfixed> (low; bug #743033)
- [wheezy] - vlc <no-dsa> (Minor issue)
- [squeeze] - vlc <no-dsa> (Minor issue)
+ - vlc <unfixed> (unimportant; bug #743033)
+ NOTE: Crash in enduser application, no security impact
CVE-2014-1683 (The bashMail function in ...)
NOT-FOR-US: SkyBlueCanvas CMS
CVE-2014-1682 [API issue allows users to impersonate other users]
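Review bot: The new NOTE on CVE-2014-1684, "Crash in enduser application, no security impact", states the conclusion without saying what kind of crash it is, and it is the sole basis for moving vlc from "low" to "unimportant" and dropping the [wheezy] and [squeeze] <no-dsa> lines. Suggest extending the NOTE with the nature of the fault in ASF_ReadObject_file_properties, or a pointer to the analysis in bug #743033, so a later reader can confirm it is not a memory-safety issue.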