[Secure-testing-commits] r27015 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu May 22 20:02:35 UTC 2014
Author: jmm
Date: 2014-05-22 20:02:35 +0000 (Thu, 22 May 2014)
New Revision: 27015
Modified:
data/CVE/list
Log:
n/a: keystone
no-dsa: encfs, chicken, collabtive, icecast2, miniupnpc, obnam
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-22 13:32:55 UTC (rev 27014)
+++ data/CVE/list 2014-05-22 20:02:35 UTC (rev 27015)
@@ -636,6 +636,7 @@
TODO: check
CVE-2014-3800 [file containing a password world readable]
- xbmc <unfixed> (low; bug #747428)
+ [wheezy] - xbmc <no-dsa> (Minor issue)
NOTE: http://trac.xbmc.org/ticket/15198
CVE-2014-3774 [Multiple XSS vectors in items.php]
RESERVED
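Review bot: The added `[wheezy] - xbmc <no-dsa> (Minor issue)` line under CVE-2014-3800 is not reflected in the commit log, whose no-dsa list names encfs, chicken, collabtive, icecast2, miniupnpc and obnam only. Add xbmc to the log so the triage decision can be found from the revision history.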
@@ -662,9 +663,10 @@
CVE-2014-3776 [buffer overrun in some uses ofread-u8vect]
RESERVED
- chicken <unfixed> (bug #748904)
+ [squeeze] - chicken <no-dsa> (Minor issue)
+ [wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
- TODO: check affected versions, at least unstable is (4.8.0.5, fixed with 4.8.0.7)
CVE-2014-3775 [memory corruption]
RESERVED
{DSA-2935-1}
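Review bot: Under CVE-2014-3776, removing the TODO also drops the only record that unstable is affected at 4.8.0.5 and fixed with 4.8.0.7, while the `- chicken <unfixed> (bug #748904)` line stays as it is. Keep the version information as a NOTE so the entry can be closed with the right version later. The two new no-dsa lines also leave the question the TODO raised (which versions are affected) unanswered for squeeze and wheezy.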
@@ -751,10 +753,13 @@
- python-django 1.6.5-1
NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
CVE-2014-XXXX [data leak during restore]
- - obnam 1.8-1 (bug #745112)
+ - obnam 1.8-1 (low; bug #745112)
+ [wheezy] - obnam <no-dsa> (Minor issue)
CVE-2014-3462 [Editing Configuration File Disables MACs]
RESERVED
- encfs <unfixed> (bug #736066)
+ [squeeze] - encfs <no-dsa> (Minor issue)
+ [wheezy] - encfs <no-dsa> (Minor issue)
NOTE: https://defuse.ca/audits/encfs.htm
CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
NOT-FOR-US: Drupal module
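Review bot: Urgency handling is inconsistent within this hunk: the obnam line gains `low` alongside its no-dsa tag, but `- encfs <unfixed> (bug #736066)` under CVE-2014-3462 gets squeeze and wheezy no-dsa tags with no urgency set. Either set the urgency on the encfs line too or give a more specific reason than "Minor issue" for an entry titled "Editing Configuration File Disables MACs".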
@@ -1140,8 +1145,10 @@
RESERVED
CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows ...)
- collabtive <unfixed> (bug #748828)
+ [wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
- collabtive <unfixed> (bug #748828)
+ [wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3245
RESERVED
CVE-2014-3244
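Review bot: CVE-2014-3246 is described as a SQL injection that "allows remote ...", yet it receives the same generic `(Minor issue)` reason as the XSS entry above it, and neither collabtive line carries an urgency. State the mitigating factor in the parenthetical so the no-dsa decision can be checked later without re-reading bug #748828.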
@@ -1237,7 +1244,9 @@
- emacs24 24.3+1-4
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
CVE-2014-XXXX
- - icecast2 <unfixed>
+ - icecast2 <unfixed> (low)
+ [squeeze] - icecast2 <no-dsa> (Minor issue)
+ [wheezy] - icecast2 <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/changeset/19137/
CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity ...)
- python-soappy <unfixed> (bug #747280)
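Review bot: The icecast2 entry is being triaged as `low` and no-dsa for squeeze and wheezy, but its `CVE-2014-XXXX` header has no bracketed description and the package line has no bug reference, unlike the other temporary entries in this commit. Add a short description in brackets and a bug number if one exists, since the changeset URL in the NOTE is currently the only way to identify the issue.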
@@ -1751,6 +1760,7 @@
NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)
CVE-2013-XXXX [buffer overflow in miniupnpc]
- miniupnpc <unfixed> (low; bug #748913)
+ [wheezy] - miniupnpc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
@@ -9430,6 +9440,7 @@
CVE-2014-0204 [Keystone user and group id mismatch]
RESERVED
- keystone <unfixed>
+ [wheezy] - keystone <not-affected>
CVE-2014-0203
RESERVED
CVE-2014-0202
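Review bot: The new `[wheezy] - keystone <not-affected>` line under CVE-2014-0204 gives no reason, while every no-dsa line in this commit carries a parenthetical. Add the justification in parentheses after the tag so the claim can be verified against the wheezy source.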