[Secure-testing-commits] r27070 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri May 30 10:37:05 UTC 2014
Author: jmm
Date: 2014-05-30 10:37:05 +0000 (Fri, 30 May 2014)
New Revision: 27070
Modified:
data/CVE/list
Log:
update squeeze eol per unsupported list from debian-security-support
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-30 09:14:16 UTC (rev 27069)
+++ data/CVE/list 2014-05-30 10:37:05 UTC (rev 27070)
@@ -1,5 +1,6 @@
CVE-2014-XXXX [TYPO3-CORE-SA-2014-001]
- typo3-src 4.5.34+dfsg1-1 (bug #749215)
+ [squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3917 [linux: DoS with syscall auditing]
- linux <unfixed>
- linux-2.6 <removed>
@@ -839,6 +840,8 @@
RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
NOT-FOR-US: NetIQ Sentinel
@@ -1523,6 +1526,7 @@
- chromium-browser 35.0.1916.114-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-3151
RESERVED
@@ -3745,8 +3749,10 @@
- asterisk <not-affected> (Only affects Asterisk 12.x)
CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, ...)
- asterisk 1:11.8.1~dfsg-1 (bug #741313)
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...)
- asterisk 1:11.8.1~dfsg-1 (bug #741313)
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
{DSA-2871-1}
- wireshark 1.10.6-1
@@ -5258,12 +5264,14 @@
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
{DSA-2920-1}
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2920-1}
@@ -5286,12 +5294,14 @@
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2905-1}
@@ -5346,12 +5356,14 @@
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
{DSA-2883-1}
@@ -5382,12 +5394,14 @@
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2014-1703 (Use-after-free vulnerability in the ...)
{DSA-2883-1}
@@ -5461,6 +5475,7 @@
NOTE: path disclosure not an issue
CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and ...)
- zabbix 1:2.2.2+dfsg-1
+ [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
- vlc 2.1.4-1 (unimportant; bug #743033)
NOTE: Crash in enduser application, no security impact
@@ -5468,6 +5483,7 @@
NOT-FOR-US: SkyBlueCanvas CMS
CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ...)
- zabbix 1:2.2.2+dfsg-1 (bug #737818)
+ [squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://support.zabbix.com/browse/ZBX-7703
CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2811-1}
@@ -5635,9 +5651,11 @@
[squeeze] - mediawiki <end-of-life>
CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...)
- mantis <removed>
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in ...)
- mantis <removed>
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal EventCalendar
@@ -6295,6 +6313,7 @@
CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #735676)
+ [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
@@ -6408,90 +6427,71 @@
NOT-FOR-US: Apple iTunes
CVE-2014-1346
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1345
RESERVED
CVE-2014-1344
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1343
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1342
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1341
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1340
RESERVED
CVE-2014-1339
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1338
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1337
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1336
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1335
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1334
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1333
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1332
RESERVED
CVE-2014-1331
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1330
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1329
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1328
RESERVED
CVE-2014-1327
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1326
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1325
RESERVED
CVE-2014-1324
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1323
RESERVED
- - chromium-browser <undetermined>
- NOTE: may be safari-specific, but no useful info available (http://support.apple.com/kb/HT6254)
+ NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into ...)
NOT-FOR-US: Apple
CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically ...)
@@ -7259,6 +7259,7 @@
NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the ...)
- libplrpc-perl <removed> (high; bug #734789)
+ [squeeze] - libplrpc-perl <end-of-life> (Unsupported in squeeze-lts)
NOTE: Upstream appears dead.
CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
- gdm3 3.8.3-1 (low; bug #683338)
@@ -8141,6 +8142,7 @@
CVE-2014-0468
RESERVED
- fusionforge 5.3+20140506-1
+ [squeeze] - fusionforge <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html
CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote ...)
{DSA-2874-1}
@@ -9557,11 +9559,15 @@
RESERVED
- qemu 2.0.0+dfsg-6
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
CVE-2014-0222 [qcow1: Validate L2 table size]
RESERVED
- qemu 2.0.0+dfsg-6
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
CVE-2014-0221
RESERVED
@@ -9689,6 +9695,8 @@
RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
- linux <unfixed> (bug #746738)
- linux-2.6 <removed>
@@ -9799,26 +9807,38 @@
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0146
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0145
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0144
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0143
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0142
RESERVED
- qemu 2.0.0+dfsg-1 (bug #742730)
- qemu-kvm <removed>
+ [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0141
RESERVED
CVE-2014-0140
@@ -9876,6 +9896,7 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in ...)
- moodle 2.6.2-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before ...)
- moodle 2.6.2-1
@@ -9887,6 +9908,7 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...)
- moodle 2.6.2-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
NOTE: squeeze version unaffected due to lack of fine-grained access control?
CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, ...)
@@ -10030,6 +10052,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
+ [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
{DSA-2929-1}
@@ -10038,6 +10061,7 @@
- ruby-actionpack-3.2 <removed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
+ [squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0080 (SQL injection vulnerability in ...)
- rails-4.0 <unfixed>
@@ -10657,6 +10681,7 @@
[wheezy] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
- yui3 <not-affected>
- moodle 2.5.3-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-6779
RESERVED
CVE-2013-6778
@@ -10899,6 +10924,7 @@
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2883-1}
@@ -10967,12 +10993,14 @@
- chromium-browser 32.0.1700.123-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
{DSA-2862-1}
- chromium-browser 32.0.1700.123-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-6648
RESERVED
@@ -11003,18 +11031,21 @@
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
{DSA-2811-1}
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 3.14.5.8-5
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
{DSA-2811-1}
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 3.14.5.8-5
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6638 (Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...)
{DSA-2811-1}
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
@@ -11506,6 +11537,7 @@
CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #734556)
+ [squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver ...)
@@ -11931,6 +11963,7 @@
- php-horde-kronolith 4.1.4-1 (bug #730980)
- kronolith2 <not-affected> (Vulnerable code not present)
- horde3 <removed>
+ [squeeze] - horde3 <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/horde/horde/commit/b79114d08ee8c8e43e74a179741749529f6d885c
CVE-2013-6364 [XSS and CSRF search.php]
RESERVED
@@ -12061,6 +12094,7 @@
NOT-FOR-US: Financial Services module for SAP ERP Central Component
CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...)
- vlc 2.1.0-2
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: User-assisted DoS for X session (freezes window manager) in 2.0.3-5
NOTE: Potential code execution
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel ...)
@@ -14445,6 +14479,7 @@
NOT-FOR-US: Drupal module
CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
- serendipity <removed>
+ [squeeze] - serendipity <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
NOT-FOR-US: TYPO3 extension
CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
@@ -16182,6 +16217,7 @@
- xen <not-affected> (Doesn't affect Linux)
CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
NOT-FOR-US: drupalauth module for simpleSAMLphp
CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
@@ -16361,6 +16397,7 @@
[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...)
- moodle 2.5.3-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x ...)
- moodle 2.5.3-1 (low)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
@@ -16475,6 +16512,7 @@
- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4493
RESERVED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...)
@@ -16831,6 +16869,7 @@
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 (Buffer overflow in the mp4a packetizer ...)
- vlc 2.1.0-1 (bug #726528)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
- linux-2.6 <removed>
@@ -16899,6 +16938,7 @@
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4367
RESERVED
NOT-FOR-US: ovirt
@@ -16921,6 +16961,7 @@
NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4360
RESERVED
CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
@@ -16941,6 +16982,7 @@
[squeeze] - xen <not-affected> (Only affects 4.3+)
CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4354 (The API before 2.1 in OpenStack Image Registry and Delivery Service ...)
- glance <unfixed> (unimportant)
NOTE: https://bugs.launchpad.net/glance/+bug/1226078
@@ -16986,6 +17028,7 @@
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, ...)
{DSA-2933-1 DSA-2932-1}
- xen 4.2-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
- qemu-kvm <removed> (unimportant)
- xen-qemu-dm-4.0 <removed>
@@ -17003,6 +17046,7 @@
[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
- moodle 2.5.2-1
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote ...)
{DSA-2757-1}
- wordpress 3.6.1+dfsg-1 (bug #722537)
@@ -18920,6 +18964,7 @@
NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
- moodle <unfixed>
+ [squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://tracker.moodle.org/browse/MDL-41449
NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
TODO: check, bug is currently private
@@ -20488,6 +20533,7 @@
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <unfixed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2918 (Use-after-free vulnerability in the ...)
{DSA-2785-1}
@@ -20640,6 +20686,7 @@
- chromium-browser 28.0.1500.95-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
{DSA-2732-1}
@@ -20810,6 +20857,7 @@
- chromium-browser 27.0.1453.93-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
{DSA-2695-1}
@@ -21258,6 +21306,7 @@
- piwik <itp> (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
- libv8 <removed>
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
CVE-2013-2631
RESERVED
@@ -22518,10 +22567,13 @@
NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
- xen 4.3.0-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest ...)
- xen 4.3.0-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
- xen 4.3.0-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2193 [Apache HBase Man in the Middle Vulnerability]
RESERVED
NOT-FOR-US: Apache HBase
@@ -22932,9 +22984,11 @@
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
- xen 4.2.2-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only ...)
- xen 4.2.2-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075
RESERVED
@@ -23337,6 +23391,7 @@
NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
- vlc 2.0.6-1 (bug #705136)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.videolan.org/security/sa1302.html
CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in ...)
- autotrace <unfixed> (low; bug #742873)
@@ -23620,6 +23675,7 @@
NOT-FOR-US: Red Hat Satellite
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and ...)
- vlc 2.0.5-1
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.videolan.org/security/sa1301.html
CVE-2013-1867
RESERVED
@@ -25161,6 +25217,7 @@
- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...)
- xen <unfixed>
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
TODO: check, see NOTE
NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize ...)
@@ -25221,6 +25278,7 @@
RESERVED
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...)
- xen 4.3.0-1
+ [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before ...)
{DSA-2702-1}
@@ -31068,9 +31126,11 @@
NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache ...)
- couchdb 1.2.0-5 (bug #698439)
+ [squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
RESERVED
- couchdb 1.2.0-5 (bug #698439)
+ [squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow ...)
- foreman <itp> (bug #663101)
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
@@ -31175,6 +31235,7 @@
CVE-2012-5617 [privilege escalation due to improper authentication settings in policykit configuration file]
RESERVED
- gksu-polkit <removed> (bug #695807)
+ [squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
NOT-FOR-US: CloudStack
@@ -34508,6 +34569,7 @@
- smarty3 3.1.10-2 (bug #688153)
- smarty <removed> (bug #702710)
[squeeze] - smarty 2.6.26-0.2+squeeze1
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
@@ -34974,6 +35036,8 @@
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
- smarty3 3.1.10-1
- smarty <removed> (low)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
@@ -37335,6 +37399,7 @@
- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
- vlc 2.0.2-1 (bug #680665)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
@@ -41391,8 +41456,10 @@
NOT-FOR-US: F5 Firepass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
- vlc 2.0.1-1 (low)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...)
- vlc 2.0.1-1 (low)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...)
- dotclear 2.5+dfsg-1 (low; bug #670227)
NOTE: Post-authentication; vulnerability is actually in admin/media.php.
@@ -44403,6 +44470,7 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
- gridengine 6.2u5-7.1
+ [squeeze] - gridengine <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.securityfocus.com/bid/53132
NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
@@ -45283,6 +45351,7 @@
NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
- libv8 3.6.6.14-2 (bug #653962)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
{DSA-2783-1}
- ruby-rack 1.4.0-1 (bug #653963)
@@ -46801,6 +46870,7 @@
NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2012-0023 (Double free vulnerability in the get_chunk_header function in ...)
- vlc 1.1.13-1
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before ...)
{DSA-2401-1}
- tomcat5 <removed>
@@ -50546,6 +50616,7 @@
- cyrus-imapd-2.2 <unfixed>
- cyrus-imapd-2.4 2.4.11-1
- kolab-cyrus-imapd <removed>
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3480
RESERVED
CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite ...)
@@ -50873,6 +50944,7 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <removed> (medium)
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PunBB
CVE-2011-3370
@@ -51293,6 +51365,7 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <removed> (medium)
+ [squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...)
- openssl 1.0.0e-1
[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
@@ -51601,6 +51674,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
- libv8 3.8.9.20-2 (bug #687574)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
- chromium-browser <not-affected> (PDF functionality not built)
[squeeze] - chromium-browser <end-of-life>
@@ -51763,6 +51837,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote ...)
- libv8 3.8.9.20-1 (bug #687574)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
@@ -52380,6 +52455,7 @@
CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
- chromium-browser <not-affected> (chromium uses libv8 system copy)
- libv8 3.8.9.20-1 (bug #687574)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
@@ -52407,6 +52483,7 @@
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (libv8 issue)
- libv8 3.8.9.20-1 (bug #687574)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
@@ -52472,6 +52549,7 @@
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- webkit <not-affected>
- libv8 3.4.14.21-1
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -52489,6 +52567,7 @@
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- webkit <not-affected>
- libv8 3.4.14.21-1
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -53286,8 +53365,10 @@
NOT-FOR-US: UUSee 201
CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in ...)
- vlc 1.1.11-1 (bug #633675)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
- vlc 1.1.11-1 (bug #633674)
+ [squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
NOT-FOR-US: Cisco IOS
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
@@ -53953,6 +54034,7 @@
NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
- libv8 3.4.14-1
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
- chromium-browser 12.0.742.112~r90304-1
@@ -54378,6 +54460,7 @@
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <end-of-life>
- libv8 3.4.14-1
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
NOTE: execScript removed in libv8 3.2 branch
CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media ...)
{DSA-2257-1}
@@ -56920,8 +57003,10 @@
RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
- libv8 3.1.8.10-1 (bug #617418)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1285 (The regular-expression functionality in Google Chrome before ...)
- libv8 3.1.8.10-1 (bug #617418)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) ...)
NOT-FOR-US: MS Windows
CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
@@ -57157,6 +57242,7 @@
NOTE: popup blocker bypass not treated as a security issue
CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
- libv8 3.1.8.10-1 (bug #617418)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <not-affected>
@@ -57186,6 +57272,7 @@
NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
- libv8 3.1.8.10-1 (bug #617418)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- icedove 17.0.2-1 (low)
[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
@@ -57755,6 +57842,8 @@
RESERVED
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
@@ -58538,30 +58627,45 @@
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> ...)
- smarty3 3.0~rc1-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 ...)
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the ...)
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in ...)
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...)
- smarty3 3.0.8-1
- smarty <removed>
+ [squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when ...)
- smarty3 3.0~rc1-1
- smarty <removed>
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...)
- smarty3 3.0~rc1-1
- smarty <removed>
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...)
- smarty3 3.0~rc1-1
- smarty <removed>
+ [squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager ...)
NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
@@ -58730,6 +58834,7 @@
CVE-2011-0703
RESERVED
- gksu-polkit <removed> (bug #684489)
+ [squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
- feh 1.12-1 (low; bug #612035)
[squeeze] - feh <no-dsa> (Minor issue)
@@ -62904,6 +63009,7 @@
- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
- couchdb 1.1.0-1
+ [squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
- pam 1.1.3-1 (low; bug #608273)
[squeeze] - pam <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list