[Secure-testing-commits] r30085 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Nov 17 11:44:31 UTC 2014
Author: jmm
Date: 2014-11-17 11:44:31 +0000 (Mon, 17 Nov 2014)
New Revision: 30085
Modified:
data/CVE/list
Log:
qpid-cpp no-dsa
add some eol for mantis in squeeze
oath-toolkit not security-relevant
haskell-tls disabled sslv3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-16 21:10:24 UTC (rev 30084)
+++ data/CVE/list 2014-11-17 11:44:31 UTC (rev 30085)
@@ -377,8 +377,6 @@
- linux-2.6 <removed>
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f (v3.14-rc3)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110 (v2.6.30-rc1)
-CVE-2014-XXXX [PAM module does not check whether strdup allocations succeeded]
- - oath-toolkit <unfixed> (bug #742140)
CVE-2014-8650 [does not handle mutual authentication]
RESERVED
- python-requests-kerberos 0.5-2 (bug #768408)
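Review bot: the two removed lines for the oath-toolkit `CVE-2014-XXXX` entry take the only reference to bug #742140 out of the list, and the reason ("not security-relevant") is recorded only in the commit log. Since the entry described unchecked strdup results in a PAM module, it would help to put the rationale in bug #742140 itself so the decision can still be found once the entry is gone from data/CVE/list.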
@@ -407,6 +405,7 @@
CVE-2014-8598 [XML Import/Export plugin unrestricted access]
RESERVED
- mantis <unfixed>
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487
NOTE: http://www.mantisbt.org/bugs/view.php?id=17780
CVE-2014-8592 (Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver ...)
@@ -3747,6 +3746,7 @@
CVE-2014-7146 [XmlImportExport plugin PHP Code Injection]
RESERVED
- mantis <unfixed>
+ [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17725
NOTE: https://github.com/mantisbt/mantisbt/commit/bed19db9 (1.2.x branch)
NOTE: https://github.com/mantisbt/mantisbt/commit/84017535 (master)
@@ -12040,9 +12040,9 @@
RESERVED
CVE-2014-3629 [qpidd can be induced to make http requests]
RESERVED
- - qpid-cpp <unfixed>
- NOTE: ttps://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
- TODO: check, according to advisory all versions up to and including 0.30
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
+ NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
CVE-2014-3628
RESERVED
CVE-2014-3627
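Review bot: the removed line `TODO: check, according to advisory all versions up to and including 0.30` is dropped without recording its outcome, while the same hunk adds `[wheezy] - qpid-cpp <no-dsa> (Minor issue)`. If the affected range was confirmed, a NOTE stating it would back up the no-dsa decision; if it was not checked, the TODO should stay. The `ttps` to `https` correction in the NOTE URL is good.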
@@ -12276,7 +12276,7 @@
- kde-baseapps <unfixed> (unimportant)
- epiphany-browser <unfixed> (unimportant)
- fossil <unfixed>
- - haskell-tls <unfixed> (bug #768164)
+ - haskell-tls 1.2.9-2 (bug #768164)
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
- iceweasel 31.2.0esr-2
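Review bot: the changed line `- haskell-tls 1.2.9-2 (bug #768164)` marks the package fixed, but the entry does not say what the fix is; only the commit log mentions that SSLv3 was disabled. A NOTE under the haskell-tls line saying that 1.2.9-2 disables SSLv3 would make clear that the issue is closed by turning the protocol off, which matters to anyone comparing it with the neighbouring packages still marked `<unfixed>`.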
@@ -22110,7 +22110,8 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
CVE-2014-0212 [on-demand ACL policy loading enables a denial of service by consuming all available file descriptors]
RESERVED
- - qpid-cpp <unfixed>
+ - qpid-cpp <unfixed> (low)
+ [wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: Upstream issue: https://issues.apache.org/jira/browse/QPID-4938
NOTE: Commit which does no longer build acl support only as plugin: https://svn.apache.org/viewvc?view=revision&revision=r1494697
CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) ...)
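Review bot: the new line `- qpid-cpp <unfixed> (low)` carries no bug reference, unlike other entries in this commit such as `(bug #768164)`, so nothing tracks the fix for unstable. Suggest filing a bug and adding its number here and on the CVE-2014-3629 entry. The `(Minor issue)` reason for wheezy would also be easier to audit if it said whether the wheezy package is exposed to the on-demand ACL loading described in the entry title, given the existing NOTE about how ACL support is built.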