[Secure-testing-commits] r30168 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Nov 19 22:43:56 UTC 2014 

Author: jmm
Date: 2014-11-19 22:43:56 +0000 (Wed, 19 Nov 2014)
New Revision: 30168

Modified:
   data/CVE/list
Log:
n-m no-dsa
bug filed for cyassl
edk2 n/a
two older xen issues fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-19 21:54:40 UTC (rev 30167)
+++ data/CVE/list	2014-11-19 22:43:56 UTC (rev 30168)
@@ -9450,11 +9450,11 @@
 	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and "handling an unknown ...)
-	- xen <unfixed>
+	- xen 4.4.1-1
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
 CVE-2014-5147 (Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not ...)
-	- xen <unfixed>
+	- xen 4.4.1-1
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
 CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x ...)
@@ -10148,13 +10148,11 @@
 	RESERVED
 CVE-2014-4860
 	RESERVED
-	- edk2 <unfixed>
-	NOTE: check
+	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
 	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
 CVE-2014-4859
 	RESERVED
-	- edk2 <unfixed>
-	NOTE: check
+	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
 	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
 CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
 	NOT-FOR-US: Sabre AirCenter Crew
@@ -15375,19 +15373,19 @@
 	NOTE: https://drupal.org/SA-CORE-2014-002
 CVE-2014-2904
 	RESERVED
-	- cyassl <unfixed>
+	- cyassl <unfixed> (bug #770229)
 	NOTE: according to maintainer addressed in 3.2.0 upstream
 CVE-2014-2903
 	RESERVED
-	- cyassl <unfixed>
+	- cyassl <unfixed> (bug #770229)
 	NOTE: according to maintainer addressed in 3.2.0 upstream
 CVE-2014-2902
 	RESERVED
-	- cyassl <unfixed>
+	- cyassl <unfixed> (bug #770229)
 	NOTE: according to maintainer addressed in 3.2.0 upstream
 CVE-2014-2901
 	RESERVED
-	- cyassl <unfixed>
+	- cyassl <unfixed> (bug #770229)
 	NOTE: according to maintainer addressed in 3.2.0 upstream
 CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 ...)
 	- cyassl 2.9.4+dfsg-1
@@ -56936,6 +56934,7 @@
 CVE-2012-1096
 	RESERVED
 	- network-manager <unfixed> (low; bug #684259)
+	[jessie] - network-manager <no-dsa> (Minor issue)
 	[wheezy] - network-manager <no-dsa> (Minor issue)
 	[squeeze] - network-manager <no-dsa> (Minor issue)
 CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)

More information about the Secure-testing-commits mailing list