[Secure-testing-commits] r30309 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Nov 25 12:58:33 UTC 2014
Author: jmm
Date: 2014-11-25 12:58:33 +0000 (Tue, 25 Nov 2014)
New Revision: 30309
Modified:
data/CVE/list
Log:
asterisk CVEfied
bouncycastle n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-25 12:51:05 UTC (rev 30308)
+++ data/CVE/list 2014-11-25 12:58:33 UTC (rev 30309)
@@ -31,50 +31,6 @@
- wordpress 4.0.1+dfsg-1 (bug #770425)
NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
NOTE: split this entry up when CVEs assigned
-CVE-2014-XXXX [AST-2014-018]
- - asterisk <unfixed>
- [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24534
- NOTE: http://downloads.digium.com/pub/security/AST-2014-018.html
-CVE-2014-XXXX [AST-2014-017]
- - asterisk <unfixed>
- [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490
- NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html
- TODO: check
-CVE-2014-XXXX [AST-2014-016]
- - asterisk <unfixed>
- [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
- [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
- [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
- NOTE: http://downloads.digium.com/pub/security/AST-2014-016.html
-CVE-2014-XXXX [AST-2014-015]
- - asterisk <unfixed>
- [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
- [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
- [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
- NOTE: http://downloads.digium.com/pub/security/AST-2014-015.html
-CVE-2014-XXXX [AST-2014-014]
- - asterisk <unfixed>
- [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440
- NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html
- TODO: check
-CVE-2014-XXXX [AST-2014-013]
- - asterisk <unfixed>
- [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
- [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
- [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531
- NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html
-CVE-2014-XXXX [AST-2014-012]
- - asterisk <unfixed>
- [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
- NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24469
- NOTE: http://downloads.digium.com/pub/security/AST-2014-012.html
- TODO: check
CVE-2014-9028 [Heap buffer write overflow]
- flac <unfixed> (bug #770918)
NOTE: Upstream patch https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
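Review bot: The `TODO: check` lines under the AST-2014-017, AST-2014-014 and AST-2014-012 entries are deleted in this hunk and do not come back when the entries are re-added under CVE-2014-8417, CVE-2014-8414 and CVE-2014-8412. The status there is still `- asterisk <unfixed>`, and the log says only "asterisk CVEfied". If the check has been done, record that in the log message. Otherwise carry the TODO lines over so these entries stay flagged for triage.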
@@ -2110,20 +2066,54 @@
RESERVED
CVE-2014-8419
RESERVED
-CVE-2014-8418
+CVE-2014-8418 [AST-2014-018]
RESERVED
-CVE-2014-8417
+ - asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24534
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-018.html
+CVE-2014-8417 [AST-2014-017]
RESERVED
-CVE-2014-8416
+ - asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html
+CVE-2014-8416 [AST-2014-016]
RESERVED
-CVE-2014-8415
+ - asterisk <unfixed>
+ [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
+ [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
+ [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-016.html
+CVE-2014-8415 [AST-2014-015]
RESERVED
-CVE-2014-8414
+ - asterisk <unfixed>
+ [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
+ [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
+ [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-015.html
+CVE-2014-8414 [AST-2014-014]
RESERVED
-CVE-2014-8413
+ - asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html
+CVE-2014-8413 [AST-2014-013]
RESERVED
-CVE-2014-8412
+ - asterisk <unfixed>
+ [jessie] - asterisk <not-affected> (PJSIP channel not available yet)
+ [wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
+ [squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html
+CVE-2014-8412 [AST-2014-012]
RESERVED
+ - asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24469
+ NOTE: http://downloads.digium.com/pub/security/AST-2014-012.html
CVE-2014-8411
RESERVED
CVE-2014-8410
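Review bot: CVE-2014-8416 [AST-2014-016] and CVE-2014-8415 [AST-2014-015] both carry `NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471`, while every other entry added in this hunk points at its own issue number. The link was carried over unchanged from the removed placeholder entries. Please confirm that the two advisories really share one upstream issue, and correct one of the NOTE lines if they do not.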
@@ -13592,7 +13582,8 @@
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- apache2 2.4.10-6
- arora <unfixed> (unimportant)
- - bouncycastle <unfixed>
+ - bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
+ NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
- chromium-browser <unfixed> (bug #765928)
[squeeze] - chromium-browser <end-of-life>
- conkeror <unfixed> (unimportant)
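Review bot: On the bouncycastle line, `<not-affected>` is justified by "SSLv3 needs to be explicitly enabled", which describes a default setting rather than absent code, so a deployment that enables SSLv3 would still fall under CVE-2014-3566. The neighbouring arora and conkeror entries use `<unfixed> (unimportant)` for the same CVE. Consider whether that state fits bouncycastle better, or extend the reason to say why opt-in protocol support is treated as not affected.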
@@ -17693,7 +17684,7 @@
NOTE: http://bugs.gw.com/view.php?id=164
NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
- php5 5.6.0+dfsg-1
- [squeeze] - php5 <not-affected>
+ [squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not