[Secure-testing-commits] r27044 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue May 27 16:25:15 UTC 2014 

Author: jmm
Date: 2014-05-27 16:25:15 +0000 (Tue, 27 May 2014)
New Revision: 27044

Modified:
   data/CVE/list
Log:
add missing eol entries for chromium
update xemac21 status


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-27 14:36:47 UTC (rev 27043)
+++ data/CVE/list	2014-05-27 16:25:15 UTC (rev 27044)
@@ -1326,20 +1326,22 @@
 	[wheezy] - emacs23 <no-dsa> (Minor issue)
 	[squeeze] - emacs23 <no-dsa> (Minor issue)
 	- emacs24 24.3+1-4
+	- xemacs21-packages <not-affected> (Vulnerable code not present)
 	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
 CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local ...)
 	- emacs23 <unfixed> (bug #747100)
 	[wheezy] - emacs23 <no-dsa> (Minor issue)
 	[squeeze] - emacs23 <no-dsa> (Minor issue)
 	- emacs24 24.3+1-4
+	- xemacs21-packages <unfixed> (low)
+	[squeeze] - xemacs21-packages <no-dsa> (Minor issue)
 	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html
 CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local ...)
 	- emacs23 <unfixed> (bug #747100)
 	[wheezy] - emacs23 <no-dsa> (Minor issue)
 	[squeeze] - emacs23 <no-dsa> (Minor issue)
 	- emacs24 24.3+1-4
-	- xemacs21-packages <unfixed>
-	TODO: check xemacs21-packages
+	- xemacs21-packages <not-affected> (Vulnerable code not present)
 	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
 CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users ...)
 	- emacs23 <unfixed> (bug #747100)
@@ -1496,6 +1498,7 @@
 	RESERVED
 CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
 CVE-2014-3151
@@ -5178,28 +5181,38 @@
 CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+	[squeeze] - chromium-browser <end-of-life>
 	- chromium-browser 35.0.1916.114-1
 CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in ...)
+	[squeeze] - chromium-browser <end-of-life>
 	- chromium-browser 35.0.1916.114-1
 CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1746 (The InMemoryUrlProtocol::Read function in ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument ...)
 	- chromium-browser 35.0.1916.114-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance ...)
 	{DSA-2930-1}
 	- chromium-browser 34.0.1847.137-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the ...)
 	{DSA-2930-1}
 	- chromium-browser 34.0.1847.137-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1740 (Multiple use-after-free vulnerabilities in ...)
 	{DSA-2930-1}
 	- chromium-browser 34.0.1847.137-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1739
 	RESERVED
 CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux ...)
@@ -9263,7 +9276,6 @@
 	[squeeze] - mplayer <no-dsa> (Minor issue)
 	- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
 	NOTE: vlc fixed by the binnmu - recording it even if it's not a source pkg version
-	TODO: request binnmus
 CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
 	NOT-FOR-US: IrfanView
 CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)

More information about the Secure-testing-commits mailing list