[Secure-testing-commits] r26785 - in data: CVE DSA
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri May 2 12:16:50 UTC 2014
Author: jmm
Date: 2014-05-02 12:16:50 +0000 (Fri, 02 May 2014)
New Revision: 26785
Modified:
data/CVE/list
data/DSA/list
Log:
fix mysql/yassl entry: CVE-2013-0139 is for the generic protocol issue and CVE-2013-1623 for the issue in mysql
add no-dsa for issues unfixed in mysql 5.1 releases; won't be fixed unless fixed upstream
add missing CVE ID for previous mysql 5.1 DSA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-02 09:14:22 UTC (rev 26784)
+++ data/CVE/list 2014-05-02 12:16:50 UTC (rev 26785)
@@ -8554,6 +8554,7 @@
NOT-FOR-US: Apache Camel
CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
- mysql-5.1 <removed> (low)
+ [squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
- mysql-5.5 5.5.37-1 (low; bug #737596)
- mariadb-5.5 5.5.35-1 (low; bug #737597)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1054592
@@ -27180,8 +27181,6 @@
- bouncycastle 1.48+dfsg-2 (low; bug #699885)
[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
- - mysql-5.1 <removed>
- - mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
- polarssl 1.1.4-2 (bug #699887)
- nss 2:3.14.3-1 (bug #699888)
[squeeze] - nss <no-dsa> (Minor issue)
@@ -29465,6 +29464,7 @@
CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, ...)
- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
- mysql-5.1 <unfixed> (low; bug #695001)
+ [squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
- mysql-5.5 <unfixed> (low; bug #695001)
[wheezy] - mysql-5.5 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.5.x)
NOTE: https://mariadb.atlassian.net/browse/MDEV-3909
@@ -32888,7 +32888,8 @@
NOTE: maintainer contacted us, working on update
NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in ...)
- - mysql-5.1 <unfixed> (bug #687484)
+ - mysql-5.1 <unfixed> (low; bug #687484)
+ [squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when ...)
- keystone 2012.1.1-6 (bug #687428)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2014-05-02 09:14:22 UTC (rev 26784)
+++ data/DSA/list 2014-05-02 12:16:50 UTC (rev 26785)
@@ -499,7 +499,7 @@
[squeeze] - python-crypto 2.1.0-2+squeeze2
[wheezy] - python-crypto 2.6-4+deb7u1
[18 Oct 2013] DSA-2780-1 mysql-5.1 - several
- {CVE-2012-2750 CVE-2013-3839 CVE-2013-1861 CVE-2012-0553 CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2012-5060 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389 CVE-2013-1492 CVE-2013-1506 CVE-2013-1521 CVE-2013-1531 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-1555 CVE-2013-2375 CVE-2013-2378 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 CVE-2013-3802 CVE-2013-3804 CVE-2013-3808}
+ {CVE-2012-2750 CVE-2013-3839 CVE-2013-1861 CVE-2012-0553 CVE-2012-0572 CVE-2012-0574 CVE-2012-1702 CVE-2012-1705 CVE-2012-5060 CVE-2013-0375 CVE-2013-0383 CVE-2013-0384 CVE-2013-0385 CVE-2013-0389 CVE-2013-1492 CVE-2013-1506 CVE-2013-1521 CVE-2013-1531 CVE-2013-1532 CVE-2013-1544 CVE-2013-1548 CVE-2013-1552 CVE-2013-1555 CVE-2013-2375 CVE-2013-2378 CVE-2013-2389 CVE-2013-2391 CVE-2013-2392 CVE-2013-3802 CVE-2013-3804 CVE-2013-3808 CVE-2013-1623}
[squeeze] - mysql-5.1 5.1.72-2
[13 Oct 2013] DSA-2779-1 libxml2 - denial of service
{CVE-2013-2877}
More information about the Secure-testing-commits
mailing list