[Secure-testing-commits] r30346 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Nov 26 07:15:21 UTC 2014 

Author: jmm
Date: 2014-11-26 07:15:21 +0000 (Wed, 26 Nov 2014)
New Revision: 30346

Modified:
   data/CVE/list
Log:
new NFU (concludes external check)
older asterisk issue CVEfied
older libressl issue didn't get a CVE ID by MITRE


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-26 06:58:43 UTC (rev 30345)
+++ data/CVE/list	2014-11-26 07:15:21 UTC (rev 30346)
@@ -1198,7 +1198,7 @@
 	RESERVED
 CVE-2014-XXXX [zoph multiple issues]
 	- zoph <removed>
-	NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
+	NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
 CVE-2014-8988 [information disclosure in MantisBT attachments]
 	RESERVED
 	- mantis <unfixed>
@@ -2088,6 +2088,7 @@
 	NOT-FOR-US: Adobe Flash Player
 CVE-2014-8439
 	RESERVED
+	NOT-FOR-US: Adobe Flash Player
 CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
@@ -6189,8 +6190,10 @@
 	RESERVED
 CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, ...)
 	NOT-FOR-US: BlackBerry
-CVE-2014-6609
+CVE-2014-6609 [Remote crash based on malformed SIP subscription]
 	RESERVED
+	- asterisk <not-affected> (only affects 12.x series)
+	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
 CVE-2014-6608
 	RESERVED
 CVE-2014-6606
@@ -6207,9 +6210,6 @@
 	NOT-FOR-US: Microsoft Asha OS
 CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
 	NOT-FOR-US: Phorum
-CVE-2014-XXXX [Remote crash based on malformed SIP subscription]
-	- asterisk <not-affected> (only affects 12.x series)
-	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
 CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x ...)
 	- python-keystonemiddleware 1.0.0-3 (bug #762748)
 	- python-keystoneclient 1:0.10.1-2 (bug #762749)
@@ -10678,9 +10678,6 @@
 	NOT-FOR-US: wysija-newsletters
 CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for ...)
 	NOT-FOR-US: wysija-newsletters
-CVE-2014-XXXX [libressl before 2.0.2 under linux PRNG failure]
-	- libressl <itp> (bug #754513)
-	NOTE: http://www.openwall.com/lists/oss-security/2014/07/16/6
 CVE-2014-4978 [insecure use of temporary files]
 	RESERVED
 	- rawstudio <removed> (low; bug #754899)

More information about the Secure-testing-commits mailing list