[Secure-testing-commits] r28530 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 1 04:53:50 UTC 2014
Author: carnil
Date: 2014-09-01 04:53:50 +0000 (Mon, 01 Sep 2014)
New Revision: 28530
Modified:
data/CVE/list
Log:
Revert "automatic update"
This reverts commit 770fd79f57d1757508f923494249105a1e992b1c.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-31 21:14:12 UTC (rev 28529)
+++ data/CVE/list 2014-09-01 04:53:50 UTC (rev 28530)
@@ -496,11 +496,11 @@
[wheezy] - libav <not-affected> (Vulnerable code not present)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
CVE-2014-5262 (SQL injection vulnerability in the graph settings script ...)
- {DSA-3007-1 }
+ {DSA-3007-1}
- cacti 0.8.8b+dfsg-8
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and ...)
- {DSA-3007-1 }
+ {DSA-3007-1}
- cacti 0.8.8b+dfsg-8
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-XXXX [unspecific error when handling MyISAM temporary files can be exploited to execute arbitrary code]
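Review bot: the generator behind the reverted "automatic update" should be fixed to emit `{DSA-3007-1}` rather than `{DSA-3007-1 }`; this hunk, like most of the revert, only strips a trailing space inside the DSA braces for CVE-2014-5262 and CVE-2014-5261, so the same diff will reappear on the next automatic run unless the script itself is corrected.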
@@ -801,17 +801,17 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-10.html
CVE-2014-5163 (The APN decode functionality in (1) epan/dissectors/packet-gtp.c and ...)
- {DSA-3002-1 }
+ {DSA-3002-1}
- wireshark 1.12.0+git+4fab41a1-1
[squeeze] - wireshark 1.2.11-6+squeeze15
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-09.html
CVE-2014-5162 (The read_new_line function in wiretap/catapult_dct2000.c in the ...)
- {DSA-3002-1 }
+ {DSA-3002-1}
- wireshark 1.12.0+git+4fab41a1-1
[squeeze] - wireshark 1.2.11-6+squeeze15
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5161 (The dissect_log function in plugins/irda/packet-irda.c in the IrDA ...)
- {DSA-3002-1 }
+ {DSA-3002-1}
- wireshark 1.12.0+git+4fab41a1-1
[squeeze] - wireshark 1.2.11-6+squeeze15
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
@@ -1059,7 +1059,7 @@
RESERVED
NOT-FOR-US: tboot
CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...)
- {DSA-2993-1 }
+ {DSA-2993-1}
- tor 0.2.4.23-1
[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2014-5116 (The cairo_image_surface_get_data function in Cairo 1.10.2, as used in ...)
@@ -1156,17 +1156,17 @@
NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have ...)
- {DSA-2990-1 }
+ {DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://cups.org/str.php?L4455
CVE-2014-5030 (CUPS before 2.0 allows local users to read arbitrary files via a ...)
- {DSA-2990-1 }
+ {DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://cups.org/str.php?L4455
CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp group to ...)
- {DSA-2990-1 }
+ {DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://cups.org/str.php?L4455
@@ -1177,12 +1177,12 @@
- reviewboard <itp> (bug #653113)
CVE-2014-5026 [XSS vulnerability]
RESERVED
- {DSA-3007-1 }
+ {DSA-3007-1}
- cacti 0.8.8b+dfsg-7
NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5025 [XSS vulnerability]
RESERVED
- {DSA-3007-1 }
+ {DSA-3007-1}
- cacti 0.8.8b+dfsg-7
NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5024 (Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell ...)
@@ -1849,7 +1849,7 @@
NOTE: http://framework.zend.com/security/advisory/ZF2014-03
TODO: check
CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before ...)
- {DSA-2981-1 }
+ {DSA-2981-1}
- polarssl 1.3.7-2.1 (bug #754655)
[squeeze] - polarssl 1.2.9-1~deb6u2
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
@@ -1925,7 +1925,7 @@
CVE-2014-4700 (Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups ...)
NOT-FOR-US: Citrix XenDesktop
CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not properly ...)
- {DSA-2972-1 }
+ {DSA-2972-1}
- linux 3.14.10-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -2022,7 +2022,7 @@
CVE-2012-6649
RESERVED
CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- php5 5.6.0~rc1+dfsg-2 (low)
[squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67498
@@ -2031,13 +2031,12 @@
- cherokee <removed> (low)
[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the ...)
- {DSA-2992-1 }
+ {DSA-2992-1}
- linux 3.14.9-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1)
CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...)
- {}
- linux 3.14.9-1
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed>
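Review bot: besides the trailing-space fix for CVE-2014-4667, this hunk drops an empty `{}` line that the automatic update had inserted under CVE-2014-4656 (the hunk header's line count going from 13 to 12 confirms the removal). An empty brace set is not how the list marks an entry without an advisory; elsewhere in this diff CVE-2014-3504 goes straight from the CVE line to `- serf 1.3.7-1 (bug #757965)` with no braces line at all, so the generator should omit the braces line entirely when no DSA exists instead of writing `{}`.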
@@ -2055,7 +2054,6 @@
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed>
CVE-2014-4652 (Race condition in the tlv handler functionality in the ...)
- {}
- linux 3.14.9-1 (low)
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed> (low)
@@ -2177,7 +2175,7 @@
NOTE: Not exploitable with the block sizes used in kernel images
CVE-2014-4607
RESERVED
- {DSA-2995-1 }
+ {DSA-2995-1}
- lzo <removed>
- lzo2 2.08-1 (bug #752861)
CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...)
@@ -2381,7 +2379,7 @@
CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...)
NOT-FOR-US: Drupal module Easy Breadcrumb
CVE-2014-4617 (The do_uncompress function in g10/compress.c in GnuPG 1.x before ...)
- {DSA-2968-1 DSA-2967-1 }
+ {DSA-2968-1 DSA-2967-1}
- gnupg 1.4.16-1.2 (bug #752497)
[squeeze] - gnupg 1.4.10-4+squeeze5
- gnupg2 2.0.24-1 (bug #752498)
@@ -2742,28 +2740,28 @@
CVE-2014-4346 (Cross-site scripting (XSS) vulnerability in administration user ...)
NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2014-4345 (Off-by-one error in the krb5_encode_krbsecretkey function in ...)
- {DSA-3000-1 }
+ {DSA-3000-1}
- krb5 1.12.1+dfsg-7 (bug #757416)
[squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE: https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03
NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt
CVE-2014-4344 (The acc_ctx_cont function in the SPNEGO acceptor in ...)
- {DSA-3000-1 }
+ {DSA-3000-1}
- krb5 1.12.1+dfsg-5 (bug #755521)
[squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
CVE-2014-4343 (Double free vulnerability in the init_ctx_reselect function in the ...)
- {DSA-3000-1 }
+ {DSA-3000-1}
- krb5 1.12.1+dfsg-5 (bug #755520)
[squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...)
- {DSA-3000-1 }
+ {DSA-3000-1}
- krb5 1.12.1+dfsg-4 (bug #753625)
[squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...)
- {DSA-3000-1 }
+ {DSA-3000-1}
- krb5 1.12.1+dfsg-4 (bug #753624)
[squeeze] - krb5 1.8.3+dfsg-4squeeze8
NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
@@ -3481,7 +3479,7 @@
[wheezy] - linux 3.2.60-1
- linux-2.6 <not-affected> (squeeze-lts only covers x86)
CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ...)
- {DSA-2961-1 }
+ {DSA-2961-1}
- php5 5.6.0~beta4+dfsg-3 (bug #751364)
[squeeze] - php5 5.3.3-7+squeeze20
NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
@@ -3583,7 +3581,6 @@
NOTE: Fairly pointless CVE assignment...
CVE-2014-4150 [Insecure use of temporary file]
RESERVED
- {}
- scheme48 1.9-4 (bug #748766)
[wheezy] - scheme48 1.8+dfsg-1+deb7u1
[squeeze] - scheme48 1.8+dfsg-1+deb6u1
@@ -3954,7 +3951,6 @@
- typo3-src 4.5.34+dfsg1-1 (bug #749215)
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when ...)
- {}
- linux 3.14.7-1
[wheezy] - linux 3.2.60-1
- linux-2.6 <removed>
@@ -4485,7 +4481,7 @@
RESERVED
- foreman <itp> (bug #663101)
CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow ...)
- {DSA-3009-1 }
+ {DSA-3009-1}
- pillow 2.5.3-1 (bug #758772)
- python-imaging <removed>
[squeeze] - python-imaging 1.1.7-2+deb6u1
@@ -4547,7 +4543,7 @@
RESERVED
CVE-2014-3564 [heap-based buffer overflow in gpgsm status handler]
RESERVED
- {DSA-3005-1 }
+ {DSA-3005-1}
- gpgme1.0 1.5.1-1 (bug #756651)
[squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
@@ -4640,7 +4636,7 @@
- php5 5.6.0~rc4+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=67705
CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the lp ...)
- {DSA-2990-1 }
+ {DSA-2990-1}
- cups 1.7.4-1
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://www.cups.org/str.php?L4450
@@ -4707,7 +4703,7 @@
CVE-2014-3516
RESERVED
CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- php5 5.6.0~rc2+dfsg-1
[squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67492
@@ -4729,23 +4725,23 @@
- openssl 1.0.1i-1
[squeeze] - openssl <not-affected> (Doesn't support TLS higher than 1.0)
CVE-2014-3510 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
- {DSA-2998-1 }
+ {DSA-2998-1}
- openssl 1.0.1i-1
CVE-2014-3509 (Race condition in the ssl_parse_serverhello_tlsext function in ...)
{DSA-2998-1}
- openssl 1.0.1i-1
[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-3508 (The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 ...)
- {DSA-2998-1 }
+ {DSA-2998-1}
- openssl 1.0.1i-1
CVE-2014-3507 (Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 ...)
- {DSA-2998-1 }
+ {DSA-2998-1}
- openssl 1.0.1i-1
CVE-2014-3506 (d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, ...)
- {DSA-2998-1 }
+ {DSA-2998-1}
- openssl 1.0.1i-1
CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in ...)
- {DSA-2998-1 }
+ {DSA-2998-1}
- openssl 1.0.1i-1
CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) ...)
- serf 1.3.7-1 (bug #757965)
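Review bot: CVE-2014-3509 keeps `{DSA-2998-1}` as unchanged context while its six siblings in the same hunk go from `{DSA-2998-1 }` to `{DSA-2998-1}`, so the automatic update produced both forms for the same DSA in one run. That inconsistency is a good regression case for the generator fix; a parser that silently tolerates the stray space would hide the bug rather than surface it.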
@@ -4801,7 +4797,7 @@
- netty <not-affected> (Introduced in 3.9.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects 3.9.0 and 3.9.1
CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
@@ -4836,7 +4832,7 @@
CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
@@ -4844,7 +4840,7 @@
[squeeze] - php5 5.3.3-7+squeeze21
NOTE: http://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
@@ -4852,7 +4848,7 @@
[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
NOTE: https://bugs.php.net/bug.php?id=67411
CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file before ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
@@ -4887,7 +4883,7 @@
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
- {DSA-2950-1 }
+ {DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU ...)
@@ -4900,7 +4896,7 @@
- libtasn1-3 <removed>
- libtasn1-6 3.6-1
CVE-2014-3466 (Buffer overflow in the read_server_hello function in ...)
- {DSA-2944-1 }
+ {DSA-2944-1}
- gnutls26 2.12.23-16
- gnutls28 3.2.15-1
[squeeze] - gnutls26 2.8.6-1+squeeze4
@@ -5516,7 +5512,7 @@
CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
NOT-FOR-US: PHP-Fusion
CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
- {DSA-2949-1 }
+ {DSA-2949-1}
- linux 3.14.4-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -5524,7 +5520,7 @@
NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension ...)
- {DSA-2949-1 }
+ {DSA-2949-1}
- linux 3.14.4-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -5532,7 +5528,7 @@
NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x ...)
- {DSA-2954-1 }
+ {DSA-2954-1}
- dovecot 1:2.2.13~rc1-1 (low; bug #747549)
[squeeze] - dovecot 1:1.2.15-7+deb6u1
NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
@@ -5733,7 +5729,7 @@
- chromium-browser 35.0.1916.153-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel ...)
- {DSA-2949-1 }
+ {DSA-2949-1}
- linux 3.14.5-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze7
@@ -5757,7 +5753,7 @@
CVE-2014-3147
RESERVED
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
- {DSA-2941-1 }
+ {DSA-2941-1}
- lxml 3.3.5-1 (bug #746812)
[squeeze] - lxml 2.2.8-2+deb6u1
NOTE: http://lxml.de/3.3/changes-3.3.5.html
@@ -6120,7 +6116,7 @@
CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
NOT-FOR-US: Microsoft IIS
CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel ...)
- {DSA-2926-1 }
+ {DSA-2926-1}
- linux 3.14.4-1 (bug #747326)
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -7017,7 +7013,6 @@
[wheezy] - zendframework <no-dsa> (Minor issue)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel ...)
- {}
- linux 3.13.10-1
[wheezy] - linux 3.2.57-1
- linux-2.6 <removed>
@@ -9243,7 +9238,7 @@
CVE-2014-1829
RESERVED
CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in ...)
- {DSA-2880-1 }
+ {DSA-2880-1}
- python2.5 <removed> (low)
- python2.6 <removed> (low)
[wheezy] - python2.6 <no-dsa> (Minor issue)
@@ -10171,7 +10166,7 @@
- bugzilla <removed>
NOTE: bugzilla part for Adobe Flash's CVE-2014-4671.
CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote ...)
- {DSA-2962-1 DSA-2960-1 DSA-2955-1 }
+ {DSA-2962-1 DSA-2960-1 DSA-2955-1}
- nspr 2:4.10.6-1
- iceweasel 30.0-1
- icedove 31.0~b1-1
@@ -10414,13 +10409,13 @@
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the ...)
- {DSA-2994-1 }
+ {DSA-2994-1}
- nss 2:3.16-1
[squeeze] - nss 3.12.8-1+squeeze8
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
- {DSA-2994-1 DSA-2858-1 }
+ {DSA-2994-1 DSA-2858-1}
- iceweasel 24.3.0esr-1
- icedove 24.3.0-1
- nss 2:3.15.4-1
@@ -10677,7 +10672,7 @@
CVE-2014-1420
RESERVED
CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in ...)
- {DSA-2984-1 }
+ {DSA-2984-1}
- acpi-support 0.142-2
CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...)
{DSA-2934-1}
@@ -10754,7 +10749,6 @@
[wheezy] - linux 3.2.53-1
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194
CVE-2014-1438 (The restore_fpu_checking function in ...)
- {}
- linux 3.12.8-1 (bug #733551)
- linux-2.6 <removed>
[wheezy] - linux 3.2.54-1
@@ -12555,20 +12549,20 @@
{DSA-3010-1}
- python-django 1.6.6-1
CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows ...)
- {DSA-2997-1 }
+ {DSA-2997-1}
- reportbug 6.5.0+nmu1
[squeeze] - reportbug 4.12.6+deb6u1
CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which ...)
- {DSA-2958-1 }
+ {DSA-2958-1}
- apt 1.0.4 (bug #749795)
[squeeze] - apt 0.8.10.3+squeeze2
CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...)
- {DSA-2969-1 }
+ {DSA-2969-1}
- libemail-address-perl 1.905-1
[squeeze] - libemail-address-perl 1.889-2+deb6u1
CVE-2014-0476
RESERVED
- {DSA-2945-1 }
+ {DSA-2945-1}
- chkrootkit 0.49-5
[squeeze] - chkrootkit 0.49-4+deb6u1
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...)
@@ -12635,12 +12629,12 @@
CVE-2013-7178
RESERVED
CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...)
- {DSA-2979-1 }
+ {DSA-2979-1}
- fail2ban 0.8.11-1
[squeeze] - fail2ban 0.8.4-3+squeeze3
NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...)
- {DSA-2979-1 }
+ {DSA-2979-1}
- fail2ban 0.8.11-1
[squeeze] - fail2ban 0.8.4-3+squeeze3
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
@@ -13991,7 +13985,7 @@
[wheezy] - samba <not-affected> (AD feature not present)
NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component ...)
- {DSA-2943-1 }
+ {DSA-2943-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
@@ -13999,7 +13993,7 @@
[squeeze] - php5 <no-dsa> (Minor issue, can be fixed along with a future DSA)
NOTE: https://bugs.php.net/bug.php?id=67327
CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...)
- {DSA-2943-1 }
+ {DSA-2943-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
@@ -14047,7 +14041,7 @@
[squeeze] - libspring-java <no-dsa> (Minor issue)
[wheezy] - libspring-java <no-dsa> (Minor issue)
CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h ...)
- {DSA-2950-1 }
+ {DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0223 [qcow1: Validate image size]
@@ -14065,7 +14059,7 @@
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...)
- {DSA-2950-1 }
+ {DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...)
@@ -14113,7 +14107,7 @@
RESERVED
- foreman <itp> (bug #663101)
CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as ...)
- {DSA-2974-1 }
+ {DSA-2974-1}
- file 1:5.19-1
[squeeze] - file 5.04-5+squeeze6
NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
@@ -14133,7 +14127,6 @@
- keystone 2014.1-5 (bug #749026)
[wheezy] - keystone <not-affected>
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before ...)
- {}
- linux 2.6.33-1
- linux-2.6 2.6.37-1
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -14159,7 +14152,7 @@
- linux-2.6 <removed>
NOTE: PoC: http://pastebin.com/yTSFUBgZ
CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before ...)
- {DSA-2950-1 }
+ {DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0194
@@ -14170,7 +14163,7 @@
- foreman <itp> (bug #663101)
CVE-2014-0191 [external parameter entity loaded when entity substitution is disabled]
RESERVED
- {DSA-2978-1 }
+ {DSA-2978-1}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
[squeeze] - libxml2 2.7.8.dfsg-2+squeeze9
NOTE: patch: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
@@ -14591,7 +14584,7 @@
NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does ...)
- {DSA-2908-1 }
+ {DSA-2908-1}
- openssl 1.0.1g-1 (low; bug #742923)
[squeeze] - openssl 0.9.8o-4squeeze15
NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
@@ -14622,7 +14615,7 @@
RESERVED
NOT-FOR-US: OpenShift
CVE-2014-0067 (The "make check" command for the test suites in PostgreSQL 9.3.3 and ...)
- {DSA-2865-1 DSA-2864-1 }
+ {DSA-2865-1 DSA-2864-1}
- postgresql-9.1 9.1.11-2
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
@@ -16253,7 +16246,6 @@
- unrealircd <itp> (bug #515130)
NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through ...)
- {}
- augeas <unfixed> (bug #731111)
[wheezy] - augeas <not-affected> (Affected patch not present/applied)
[squeeze] - augeas <not-affected> (Affected patch not present/applied)
@@ -16441,7 +16433,7 @@
CVE-2013-6360
RESERVED
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...)
- {DSA-2815-1 }
+ {DSA-2815-1}
- munin 2.0.18-1
[squeeze] - munin 1.4.5-3+deb6u1
NOTE: http://munin-monitoring.org/ticket/1397
@@ -17143,7 +17135,7 @@
[squeeze] - apt-listbugs <no-dsa> (Minor issue)
[wheezy] - apt-listbugs 0.1.8+deb7u1
CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin ...)
- {DSA-2815-1 }
+ {DSA-2815-1}
- munin 2.0.18-1
[squeeze] - munin 1.4.5-3+deb6u1
CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site ...)
@@ -17974,7 +17966,7 @@
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote ...)
- {DSA-2991-1 }
+ {DSA-2991-1}
- modsecurity-apache 2.7.7-1
- libapache-mod-security <removed>
[squeeze] - libapache-mod-security 2.5.12-1+squeeze4
@@ -18299,7 +18291,7 @@
{DSA-2820-1}
- nspr 2:4.10.2-1
CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...)
- {DSA-2994-1 }
+ {DSA-2994-1}
- nss 2:3.15.3-1 (bug #735105)
[squeeze] - nss 3.12.8-1+squeeze8
CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...)
@@ -19775,11 +19767,11 @@
- moodle 2.5.1-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before ...)
- {DSA-2975-1 }
+ {DSA-2975-1}
- phpmyadmin 4:4.0.4.2-1 (low)
[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- {DSA-2975-1 }
+ {DSA-2975-1}
- phpmyadmin 4:4.0.4.2-1
[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4997 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
@@ -19804,7 +19796,7 @@
- phpmyadmin 4:4.0.4.2-1 (low)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before ...)
- {DSA-2975-1 }
+ {DSA-2975-1}
- phpmyadmin 4:4.0.4.2-1
[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ...)
@@ -21153,7 +21145,6 @@
[wheezy] - horizon <not-affected> (v3 API introduced in Grizzly)
NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is ...)
- {}
- linux 3.11.7-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
@@ -21426,7 +21417,6 @@
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
- {}
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
- linux 3.11.5-1
@@ -21903,7 +21893,6 @@
RESERVED
CVE-2013-4251 [weave /tmp and current directory issues]
RESERVED
- {}
- python-scipy 0.12.0-3 (bug #726093)
[wheezy] - python-scipy <no-dsa> (Minor issue)
[squeeze] - python-scipy 0.7.2+dfsg1-1+deb6u1
@@ -21933,7 +21922,7 @@
- tiff 4.0.3-3
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4243 (Heap-based buffer overflow in the readgifimage function in the ...)
- {DSA-2965-1 }
+ {DSA-2965-1}
- tiff 4.0.3-9 (low; bug #742917)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
[squeeze] - tiff 3.9.4-5+squeeze11
@@ -21954,7 +21943,7 @@
NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 ...)
- {DSA-2880-1 }
+ {DSA-2880-1}
- python2.5 <removed> (low)
[squeeze] - python2.5 <no-dsa> (Minor issue)
- python2.6 <removed> (low)
@@ -24382,7 +24371,6 @@
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...)
- {}
- phpmyadmin 4:3.4.11.1-2
[squeeze] - phpmyadmin 4:3.3.7-8
NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime
@@ -28676,7 +28664,7 @@
- bugzilla4 <itp> (bug #669643)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
- {DSA-2994-1 }
+ {DSA-2994-1}
- nss 2:3.15.3-1 (bug #735105)
[squeeze] - nss 3.12.8-1+squeeze8
NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
@@ -34162,7 +34150,6 @@
NOTE: http://trac.roundcube.net/ticket/1488850
NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet ...)
- {}
- puppet 2.6.4-2
[squeeze] - puppet <no-dsa> (Minor issue)
NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
@@ -35944,7 +35931,6 @@
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
NOT-FOR-US: Symfony
CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c in Tor ...)
- {}
- tor 0.2.3.25-1 (low)
[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-5572 (CRLF injection vulnerability in the cookie method ...)
@@ -37532,7 +37518,7 @@
[squeeze] - chromium-browser <end-of-life>
NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
- {DSA-2627-1 DSA-2626-1 DSA-2579-1 }
+ {DSA-2627-1 DSA-2626-1 DSA-2579-1}
- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
- chromium-browser 22.0.1229.94~r161065-1
NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
@@ -41497,7 +41483,6 @@
{DSA-2548-1}
- tor 0.2.3.20-rc-1 (low)
CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...)
- {}
- tor 0.2.3.20-rc-1 (low)
[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...)
@@ -41517,7 +41502,6 @@
[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
NOTE: http://www.munin-monitoring.org/ticket/1238
CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the ...)
- {}
- munin 2.0.6-1 (bug #684075)
[squeeze] - munin 1.4.5-3+deb6u1
NOTE: http://www.munin-monitoring.org/ticket/1234
@@ -44346,7 +44330,6 @@
NOTE: http://secunia.com/advisories/42619/
CVE-2010-5110 [poppler: JPEG error handler]
RESERVED
- {}
- poppler 0.16.3-1 (bug #722705)
[squeeze] - poppler 0.12.4-1.2+squeeze4
CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ...)
@@ -44840,11 +44823,9 @@
{DSA-2578-1}
- rssh 2.3.3-6
CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...)
- {}
- tor 0.2.3.24-rc-1 (low)
[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...)
- {}
- tor 0.2.3.23-rc-1 (low)
[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2248 [build-influenced PATH set in dhclient]
@@ -47478,7 +47459,6 @@
{DSA-2431-1}
- libdbd-pg-perl 2.19.0-1 (bug #661536)
CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x ...)
- {}
- python2.5 <removed> (low)
- python2.6 2.6.8-0.1 (low)
- python2.7 2.7.3~rc1-1 (low)
@@ -48284,7 +48264,6 @@
CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
- webcalendar <removed>
CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, ...)
- {}
- python3.1 <removed> (low)
[squeeze] - python3.1 <no-dsa> (Minor issue)
- python3.2 3.2.3~rc1-1
@@ -48463,12 +48442,10 @@
{DSA-2408-1}
- php5 5.3.9-1
CVE-2012-0787 (The clone_file function in transfer.c in Augeas before 1.0.0, when ...)
- {}
- augeas 1.0.0-1 (low; bug #731132)
[squeeze] - augeas <no-dsa> (Minor issue)
[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2012-0786 (The transform_save function in transform.c in Augeas before 1.0.0 ...)
- {}
- augeas 1.0.0-1 (low; bug #731132)
[squeeze] - augeas <no-dsa> (Minor issue)
[wheezy] - augeas <no-dsa> (Minor issue)
@@ -50166,7 +50143,6 @@
- policykit-1 0.103-1
[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...)
- {}
- python2.7 2.7.3~rc2-2 (low; bug #650555)
- python2.6 2.6.8-1 (unimportant; bug #615118)
[squeeze] - python2.6 2.6.6-8+deb6u1
@@ -50178,7 +50154,6 @@
CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote ...)
- piwik <itp> (bug #506933)
CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in ...)
- {}
- python2.7 2.7.2-8 (unimportant)
- python2.6 <unfixed> (unimportant; bug #664135)
[squeeze] - python2.6 2.6.6-8+deb6u1
@@ -54719,7 +54694,6 @@
[squeeze] - empathy <no-dsa> (Minor issue)
[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the ...)
- {}
- apt 0.8.11 (low)
[squeeze] - apt 0.8.10.3+squeeze2
NOTE: Minor issue, apt is only affected if apt-transport-https is installed
@@ -60874,7 +60848,6 @@
{DSA-2231-1}
- otrs2 2.4.10+dfsg1-1
CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x ...)
- {}
- python3.1 <removed> (bug #628453)
[squeeze] - python3.1 <no-dsa> (Minor issue)
- python3.2 3.2-3
@@ -62475,7 +62448,6 @@
{DSA-2240-1}
- linux-2.6 2.6.38-1
CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in ...)
- {}
- python2.6 2.6.8-1 (low; bug #614860)
[wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
[squeeze] - python2.6 2.6.6-8+deb6u1