[Secure-testing-commits] r30041 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 13 18:40:51 UTC 2014 

Author: jmm
Date: 2014-11-13 18:40:51 +0000 (Thu, 13 Nov 2014)
New Revision: 30041

Modified:
   data/CVE/list
Log:
wordpress non-issue
riece no-dsa also for jessie
more glibc/eglibc fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-13 18:33:50 UTC (rev 30040)
+++ data/CVE/list	2014-11-13 18:40:51 UTC (rev 30041)
@@ -394,6 +394,7 @@
 	[squeeze] - kexec-tools <not-affected> (coldreboot script not present)
 CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
 	- riece 8.0.0-1.3 (bug #601325)
+	[jessie] - riece <no-dsa> (Minor issue)
 	[wheezy] - riece <no-dsa> (Minor issue)
 	[squeeze] - riece <no-dsa> (Minor issue)
 CVE-2014-7401
@@ -7104,6 +7105,7 @@
 	RESERVED
 	- glibc 2.19-12
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
 	NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
@@ -7606,6 +7608,7 @@
 	RESERVED
 	- glibc 2.17-1
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
 	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
@@ -20245,6 +20248,7 @@
 CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...)
 	{DSA-2976-1 DLA-43-1}
 	- glibc 2.19-6
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	- eglibc <removed>
 CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
 	{DSA-2934-1}
@@ -27875,6 +27879,7 @@
 CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...)
 	- glibc 2.17-94 (low; bug #717178)
 	- eglibc <removed>
+	[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
 	[wheezy] - eglibc 2.13-38+deb7u1
 	[squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to statically linked binaries)
 CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
@@ -42946,9 +42951,8 @@
 CVE-2012-5869
 	RESERVED
 CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...)
-	- wordpress <unfixed> (low; bug #696868)
-	[squeeze] - wordpress <no-dsa> (Minor issue)
-	[wheezy] - wordpress <no-dsa> (Minor issue)
+	- wordpress <unfixed> (unimportant; bug #696868)
+        NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868
 CVE-2012-5867
 	RESERVED
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo ...)

More information about the Secure-testing-commits mailing list