[Secure-testing-commits] r30200 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Nov 20 23:19:09 UTC 2014
Author: jmm
Date: 2014-11-20 23:19:09 +0000 (Thu, 20 Nov 2014)
New Revision: 30200
Modified:
data/CVE/list
Log:
kdeplasma-addons no-dsa for jessie
mark gnutls/beast as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-20 21:26:28 UTC (rev 30199)
+++ data/CVE/list 2014-11-20 23:19:09 UTC (rev 30200)
@@ -36687,6 +36687,7 @@
CVE-2013-2120 [weak generated passwords]
RESERVED
- kdeplasma-addons <unfixed> (low; bug #710497)
+ [jessie] - kdeplasma-addons <no-dsa> (Minor issue)
[wheezy] - kdeplasma-addons <no-dsa> (Minor issue)
[squeeze] - kdeplasma-addons <no-dsa> (Minor issue)
NOTE: Original fix https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce not sufficient
@@ -64844,9 +64845,9 @@
NOTE: http://bugs.python.org/issue13885
NOTE: python3.1 is fixed starting 3.1.5
- cyassl <unfixed>
- - gnutls26 <unfixed>
- - gnutls28 <unfixed>
- NOTE: gnutls recommends to use TLS 1.1 or 1.2. There doesn't seem to be a fix for TLS 1.0.
+ - gnutls26 <unfixed> (unimportant)
+ - gnutls28 <unfixed> (unimportant)
+ NOTE: No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported 2.0.0
- haskell-tls <unfixed>
- matrixssl <removed> (low)
[squeeze] - matrixssl <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list