[Secure-testing-commits] r30168 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Nov 19 22:43:56 UTC 2014
Author: jmm
Date: 2014-11-19 22:43:56 +0000 (Wed, 19 Nov 2014)
New Revision: 30168
Modified:
data/CVE/list
Log:
n-m no-dsa
bug filed for cyassl
edk2 n/a
two older xen issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-19 21:54:40 UTC (rev 30167)
+++ data/CVE/list 2014-11-19 22:43:56 UTC (rev 30168)
@@ -9450,11 +9450,11 @@
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and "handling an unknown ...)
- - xen <unfixed>
+ - xen 4.4.1-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5147 (Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not ...)
- - xen <unfixed>
+ - xen 4.4.1-1
[wheezy] - xen <not-affected> (Vulnerable code not present)
[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x ...)
@@ -10148,13 +10148,11 @@
RESERVED
CVE-2014-4860
RESERVED
- - edk2 <unfixed>
- NOTE: check
+ - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4859
RESERVED
- - edk2 <unfixed>
- NOTE: check
+ - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
NOT-FOR-US: Sabre AirCenter Crew
@@ -15375,19 +15373,19 @@
NOTE: https://drupal.org/SA-CORE-2014-002
CVE-2014-2904
RESERVED
- - cyassl <unfixed>
+ - cyassl <unfixed> (bug #770229)
NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2903
RESERVED
- - cyassl <unfixed>
+ - cyassl <unfixed> (bug #770229)
NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2902
RESERVED
- - cyassl <unfixed>
+ - cyassl <unfixed> (bug #770229)
NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2901
RESERVED
- - cyassl <unfixed>
+ - cyassl <unfixed> (bug #770229)
NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 ...)
- cyassl 2.9.4+dfsg-1
@@ -56936,6 +56934,7 @@
CVE-2012-1096
RESERVED
- network-manager <unfixed> (low; bug #684259)
+ [jessie] - network-manager <no-dsa> (Minor issue)
[wheezy] - network-manager <no-dsa> (Minor issue)
[squeeze] - network-manager <no-dsa> (Minor issue)
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
More information about the Secure-testing-commits
mailing list