[Secure-testing-commits] r30393 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Nov 27 16:34:58 UTC 2014
Author: jmm
Date: 2014-11-27 16:34:57 +0000 (Thu, 27 Nov 2014)
New Revision: 30393
Modified:
data/CVE/list
Log:
remove fossil/ocsigenserver, only relies on openssl
no-dsa: poi, glibc, imagemagick, nagios, open-vm-tools
libimobiledevice n/a in squeeze/wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-27 16:14:40 UTC (rev 30392)
+++ data/CVE/list 2014-11-27 16:34:57 UTC (rev 30393)
@@ -1608,6 +1608,8 @@
RESERVED
{DLA-90-1}
- imagemagick 8:6.8.9.9-3 (bug #768494)
+ [wheezy] - imagemagick <no-dsa> (Minor issue)
+ [squeeze] - imagemagick <no-dsa> (Minor issue)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
NOTE: Patch here: http://trac.imagemagick.org/changeset/16872
CVE-2014-8714 [TN5250 infinite loop]
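Review bot: the added [squeeze] line marks imagemagick as <no-dsa> although the entry already carries {DLA-90-1}, and a DLA is an advisory for squeeze-lts. If DLA-90-1 fixed this issue in squeeze, the squeeze line should record the fixed version instead of <no-dsa>; if the DLA covers a different issue, the cross-reference sits on the wrong entry.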
@@ -3676,6 +3678,7 @@
RESERVED
- glibc <unfixed>
- eglibc <removed>
+ [wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
NOTE: https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
NOTE: Git commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
CVE-2014-7816 [information disclosure via directory traversal]
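Review bot: only a [wheezy] line is added for eglibc, while the imagemagick and open-vm-tools hunks in this commit annotate both squeeze and wheezy. State the squeeze status explicitly so the missing line does not read as an oversight. The reason "Will be fixed through a point update" would also be easier to follow up if it referenced a bug number.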
@@ -12052,10 +12055,14 @@
CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle
CVE-2014-4200 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
- - open-vm-tools 2:9.4.6-1770165-1 (bug #770809)
+ - open-vm-tools 2:9.4.6-1770165-1 (low; bug #770809)
+ [squeeze] - open-vm-tools <no-dsa> (Minor issue)
+ [wheezy] - open-vm-tools <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
- - open-vm-tools <unfixed> (bug #770809)
+ - open-vm-tools <unfixed> (low; bug #770809)
+ [squeeze] - open-vm-tools <no-dsa> (Minor issue)
+ [wheezy] - open-vm-tools <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4198
RESERVED
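Review bot: CVE-2014-4200 and CVE-2014-4199 both point at bug #770809, yet the first is recorded as fixed in 2:9.4.6-1770165-1 and the second stays <unfixed>. Confirm that the bug is not closed by that upload while CVE-2014-4199 is still open, or add a NOTE to the CVE-2014-4199 entry explaining why it remains unfixed, since both share the same seclists reference.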
@@ -13585,8 +13592,7 @@
CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
- linux 3.16.2-1
[wheezy] - linux 3.2.63-1
- - linux-2.6 <removed>
- [squeeze] - linux-2.6 <end-of-life> (Unsupported in squeeze-lts)
+ - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
CVE-2014-3600
RESERVED
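Review bot: the log message does not mention this linux-2.6 change, which replaces "<removed>" and the squeeze "<end-of-life>" line with "<not-affected> (Vulnerable code not present)". Mention it in the log and add a NOTE naming the kernel version or commit that introduced the vulnerable code, so the not-affected claim can be checked against the fix referenced in the existing NOTE.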
@@ -13672,6 +13678,7 @@
NOT-FOR-US: OpenOffice on Windows
CVE-2014-3574 (Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote ...)
- libapache-poi-java 3.10.1-1
+ [wheezy] - libapache-poi-java <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise ...)
NOT-FOR-US: oVirt Engine
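Review bot: the [wheezy] <no-dsa> reason is the generic "Minor issue" on an entry whose description begins "allows remote". A short reason stating why the exposure is limited would make the triage decision reviewable. No squeeze line is added either, so the squeeze status stays implicit.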
@@ -13710,7 +13717,6 @@
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
- epiphany-browser <unfixed> (unimportant)
- - fossil <unfixed>
- haskell-tls 1.2.9-2 (bug #768164)
- icedove <unfixed>
[squeeze] - icedove <end-of-life>
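Review bot: dropping "- fossil <unfixed>" leaves no record in the entry of why the package was cleared; the reason ("only relies on openssl") exists only in the log message. A NOTE line in the entry saying so would keep the package from being re-added in a later triage pass. The same applies to the ocsigenserver removal in the next hunk.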
@@ -13724,7 +13730,6 @@
- netsurf <unfixed> (unimportant)
- nginx <unfixed> (bug #767456)
- nss <unfixed>
- - ocsigenserver <unfixed>
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
@@ -22639,6 +22644,7 @@
- icinga 1.10.2-1 (low)
[squeeze] - icinga <no-dsa> (Minor issue)
- nagios3 <unfixed> (low)
+ [jessie] - nagios3 <no-dsa> (Minor issue)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5346
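Review bot: the added [jessie] line is the only jessie annotation in this commit, and the log message lists nagios under no-dsa without naming the suite. Name jessie in the log, and check that a suite-level <no-dsa> is intended here rather than leaving jessie covered by the "- nagios3 <unfixed> (low)" line above it.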
@@ -36829,8 +36835,8 @@
NOT-FOR-US: Katello
CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME ...)
- libimobiledevice 1.1.5-0.1 (low; bug #710885)
- [squeeze] - libimobiledevice <no-dsa> (Minor issue)
- [wheezy] - libimobiledevice <no-dsa> (Minor issue)
+ [squeeze] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
+ [wheezy] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before ...)
{DSA-2766-1 DSA-2669-1}
- linux-2.6 <removed>
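Review bot: the switch from <no-dsa> to <not-affected> for squeeze and wheezy rests on "Vulnerable code was introduced later", but the entry gives no pointer to where it was introduced. Add a NOTE with the upstream version or commit that introduced the affected userpref.c code, so the claim can be checked against the versions shipped in squeeze and wheezy.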