[Secure-testing-commits] r29209 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-10-02 15:31:05 +0000 (Thu, 02 Oct 2014)
New Revision: 29209

Modified:
   data/CVE/list
Log:
openstack, fckeditor no-dsa
reset glassfish to <undetermined>, no specific details available


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-02 14:50:42 UTC (rev 29208)
+++ data/CVE/list	2014-10-02 15:31:05 UTC (rev 29209)
@@ -193,11 +193,12 @@
 	TODO: check
 CVE-2014-7230
 	RESERVED
-	- cinder <unfixed>
-	- nova <unfixed>
-	- trove <unfixed>
+	- cinder <unfixed> (low)
+	- nova <unfixed> (low)
+	[wheezy] - nova <no-dsa> (Minor issue)
+	- trove <unfixed> (low)
+	[wheezy] - trove <no-dsa> (Minor issue)
 	NOTE: https://launchpad.net/bugs/1343604
-	TODO: check
 CVE-2014-7205 [Arbitrary JavaScript Execution in Bassmaster]
 	RESERVED
 	NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
@@ -7429,7 +7430,8 @@
 CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...)
 	- ppc64-diag <itp> (bug #740179)
 CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
-	- fckeditor <unfixed> (bug #752873)
+	- fckeditor <unfixed> (low; bug #752873)
+	[wheezy] - fckeditor <no-dsa> (Minor issue)
 	- docvert <removed>
 	[wheezy] - docvert <no-dsa> (Minor issue)
 	[squeeze] - docvert <no-dsa> (Minor issue)
@@ -46761,7 +46763,7 @@
 CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
 CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...)
-	- glassfish <unfixed> (bug #692035)
+	- glassfish <undetermined> (bug #692035)
 	NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version.
 CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
 	NOT-FOR-US: Oracle Supply Chain Products Suite