[Secure-testing-commits] r30081 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sat Nov 15 19:29:48 UTC 2014
Author: jmm
Date: 2014-11-15 19:29:48 +0000 (Sat, 15 Nov 2014)
New Revision: 30081
Modified:
data/CVE/list
Log:
various no-dsa
pillow confirmed as non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-15 19:09:44 UTC (rev 30080)
+++ data/CVE/list 2014-11-15 19:29:48 UTC (rev 30081)
@@ -9675,6 +9675,7 @@
- lzo <removed>
- lzo2 2.08-1 (bug #752861)
- busybox 1:1.22.0-10 (bug #768945)
+ [wheezy] - busybox <no-dsa> (Minor issue)
CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...)
NOT-FOR-US: WordPress plugin ZeenShare
CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ...)
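Review bot: The added `[wheezy] - busybox <no-dsa> (Minor issue)` line triages wheezy only and leaves squeeze without a status for busybox, whereas the yaws change in this same commit tags both `[wheezy]` and `[squeeze]`. If squeeze ships an affected busybox, add a matching `[squeeze]` line; if it does not, a `<not-affected>` line with the reason would make that explicit.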
@@ -12133,9 +12134,9 @@
- libvt-ldap-java 3.3.8-1 (bug #763608)
CVE-2014-3606
RESERVED
- - pillow <unfixed>
- - python-imaging <removed>
- TODO: Check, according to RH not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8
+ - pillow <unfixed> (unimportant)
+ - python-imaging <removed> (unimportant)
+ NOTE: not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8
CVE-2014-3605
RESERVED
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not ...)
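Review bot: The new NOTE under CVE-2014-3606 drops the "according to RH" attribution that the removed TODO carried, so the tracker now states "not a security issue" as fact while the only evidence given is a link to a Red Hat Bugzilla comment. Keep the attribution and add a few words on why it is not a security issue, so the `(unimportant)` tag on pillow and python-imaging can be understood without following the link.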
@@ -12299,6 +12300,8 @@
- tomcatjss <unfixed>
- uzbl <unfixed> (unimportant)
- yaws <unfixed>
+ [wheezy] - yaws <no-dsa> (Minor issue)
+ [squeeze] - yaws <no-dsa> (Minor issue)
- znc <unfixed> (bug #766957)
NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
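Review bot: `(Minor issue)` on the two new yaws lines gives no reason specific to yaws, while the NOTE lines of this entry point at the SSL 3.0 POODLE write-ups. A short package-specific reason in the parenthesis would tell later readers why wheezy and squeeze get no DSA while `- yaws <unfixed>` stays open.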
@@ -47208,10 +47211,12 @@
- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
- opencryptoki <unfixed> (low; bug #689417)
+ [jessie] - opencryptoki <no-dsa> (Minor issue)
[squeeze] - opencryptoki <no-dsa> (Minor issue)
[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
- opencryptoki <unfixed> (low; bug #689417)
+ [jessie] - opencryptoki <no-dsa> (Minor issue)
[squeeze] - opencryptoki <no-dsa> (Minor issue)
[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
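Review bot: For CVE-2012-4454 the description limits the issue to openCryptoki "before 2.4.1", yet the new `[jessie] - opencryptoki <no-dsa>` line treats jessie as affected with no version check visible here. If the jessie package is already at 2.4.1 or later, the entry should carry a fixed version rather than `<no-dsa>`. As a style point, both new `[jessie]` lines are inserted ahead of `[squeeze]` and `[wheezy]`, which leaves the release tags in no consistent order.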
@@ -50005,6 +50010,7 @@
- eglibc <removed>
[jessie] - eglibc <not-affected> (eglibc replaced by glibc in jessie, workaround for #769128)
- glibc 2.13-35 (low; bug #681473)
+ [wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
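Review bot: The new `[wheezy] - eglibc <no-dsa>` line is placed under `- glibc 2.13-35`, separated from the `- eglibc <removed>` line and the `[jessie] - eglibc` tag it belongs with. Moving it, together with the existing `[squeeze] - eglibc` line, directly below the `[jessie] - eglibc` line would keep all eglibc release tags in one group.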
@@ -63627,7 +63633,7 @@
- cyassl <unfixed>
- gnutls26 <unfixed>
- gnutls28 <unfixed>
- NOTE: guntls recommends to use TLS 1.1 or 1.2. There doesn't seem to be a fix for TLS 1.0.
+ NOTE: gnutls recommends to use TLS 1.1 or 1.2. There doesn't seem to be a fix for TLS 1.0.
- haskell-tls <unfixed>
- matrixssl <removed> (low)
[squeeze] - matrixssl <no-dsa> (Minor issue)
@@ -66592,6 +66598,7 @@
[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
- kfreebsd-10 <unfixed> (low)
+ [jessie] - kfreebsd-10 <no-dsa> (Minor issue)
NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
CVE-2011-2392
RESERVED