[Secure-testing-commits] r30354 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Nov 26 11:09:23 UTC 2014
Author: jmm
Date: 2014-11-26 11:09:23 +0000 (Wed, 26 Nov 2014)
New Revision: 30354
Modified:
data/CVE/list
Log:
three phpmyadmin issues n/a in stable
libjpeg-turbo fixed
pnp4nagios fixed
icecast fixed
mountall n/a in stable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-26 08:06:00 UTC (rev 30353)
+++ data/CVE/list 2014-11-26 11:09:23 UTC (rev 30354)
@@ -25,7 +25,7 @@
NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
NOTE: https://www.teeworlds.com/?page=news&id=11200
CVE-2014-9092
- - libjpeg-turbo <unfixed> (bug #768369)
+ - libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090
- linux <unfixed>
- linux-2.6 <removed>
@@ -805,23 +805,28 @@
CVE-2014-8961 [leakage of line count of an arbitrary file (PMASA-2014-16)]
RESERVED
- phpmyadmin 4:4.2.12-1
+ [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
- TODO: check older versions
CVE-2014-8960 [XSS vulnerability in error reporting functionality (PMASA-2014-15)]
RESERVED
- phpmyadmin 4:4.2.12-1
+ [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
- TODO: check older versions
CVE-2014-8959 [Local file inclusion vulnerability (PMASA-2014-14)]
RESERVED
- phpmyadmin 4:4.2.12-1
+ [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
- TODO: check older versions
CVE-2014-8958 [Multiple XSS vulnerabilities (PMASA-2014-13)]
RESERVED
- - phpmyadmin 4:4.2.12-1
+ - phpmyadmin 4:4.2.12-1 (low)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
- TODO: check older versions
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 need
+ NOTE: to be backported to 3.4
CVE-2014-8957
RESERVED
CVE-2014-8956
@@ -10779,14 +10784,14 @@
[wheezy] - quassel 0.8.0-1+deb7u2
[squeeze] - quassel <no-dsa> (Minor issue)
CVE-2014-4908 (Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios ...)
- - pnp4nagios <unfixed> (low)
+ - pnp4nagios 0.6.24+dfsg1-1 (low)
[wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078
NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140
CVE-2014-4907 (Cross-site scripting (XSS) vulnerability in ...)
- - pnp4nagios <unfixed> (low)
+ - pnp4nagios 0.6.24+dfsg1-1 (low)
[wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
@@ -14735,7 +14740,7 @@
- emacs24 24.3+1-4
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
CVE-2014-9091
- - icecast2 <unfixed> (low)
+ - icecast2 2.4.0-1 (low)
[squeeze] - icecast2 <no-dsa> (Minor issue)
[wheezy] - icecast2 <no-dsa> (Minor issue)
NOTE: https://trac.xiph.org/changeset/19137/
@@ -20044,6 +20049,7 @@
CVE-2014-1421 [insecure mount permissions]
RESERVED
- mountall <unfixed>
+ [wheezy] - mountall <not-affected> (Only affected when using more recent mount versions)
NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
NOTE: and http://www.ubuntu.com/usn/usn-2411-1
NOTE: There is a note in ubuntu's tracker mentioning that this is an issue
More information about the Secure-testing-commits
mailing list