[Secure-testing-commits] r30042 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Nov 13 19:32:15 UTC 2014 

Author: jmm
Date: 2014-11-13 19:32:15 +0000 (Thu, 13 Nov 2014)
New Revision: 30042

Modified:
   data/CVE/list
Log:
further no-dsa for jessie
mark encfs version which displays the warning as the fixed version


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-13 18:40:51 UTC (rev 30041)
+++ data/CVE/list	2014-11-13 19:32:15 UTC (rev 30042)
@@ -12210,6 +12210,7 @@
 CVE-2014-3495 [improper verification of SSL certificates]
 	RESERVED
 	- duplicity <unfixed> (low; bug #751902)
+	[jessie] - duplicity <no-dsa> (Minor issue)
 	[wheezy] - duplicity <no-dsa> (Minor issue)
 	[squeeze] - duplicity <no-dsa> (Minor issue)
 CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...)
@@ -12497,9 +12498,10 @@
 	[wheezy] - obnam <no-dsa> (Minor issue)
 CVE-2014-3462 [Editing Configuration File Disables MACs]
 	RESERVED
-	- encfs <unfixed> (bug #736066)
+	- encfs 1.7.4-4 (bug #736066)
 	[squeeze] - encfs <no-dsa> (Minor issue)
 	[wheezy] - encfs <no-dsa> (Minor issue)
+	NOTE: Shortcoming documented in 1.7.4-4
 	NOTE: https://defuse.ca/audits/encfs.htm
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
 	NOT-FOR-US: Drupal module
@@ -16653,6 +16655,7 @@
 	- 9base <unfixed> (low; bug #737206)
 	[squeeze] - 9base <no-dsa> (Minor issue)
 	[wheezy] - 9base <no-dsa> (Minor issue)
+	[jessie] - 9base <no-dsa> (Minor issue)
 CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...)
 	- eyed3 <unfixed> (low; bug #737062)
 	[jessie] - eyed3 <no-dsa> (Minor issue)
@@ -52218,6 +52221,7 @@
 	- wordpress 3.0.3-1
 CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
 	- blender <unfixed> (low; bug #584621)
+	[jessie] - blender <no-dsa> (Minor issue)
 	[squeeze] - blender <no-dsa> (Minor issue)
 	[wheezy] - blender <no-dsa> (Minor issue)
 CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)

More information about the Secure-testing-commits mailing list