[Secure-testing-commits] r28952 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Sep 22 10:11:35 UTC 2014 

Author: jmm
Date: 2014-09-22 10:11:35 +0000 (Mon, 22 Sep 2014)
New Revision: 28952

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
remove unfixed entries for squeeze, all older versions in the older suites
  are unfixed by default
remove apache2 from dsa-needed, only one debatable issue is open for wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-22 09:45:48 UTC (rev 28951)
+++ data/CVE/list	2014-09-22 10:11:35 UTC (rev 28952)
@@ -16670,7 +16670,6 @@
 CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
 	{DSA-2989-1}
 	- apache2 2.4.10-1
-	[squeeze] - apache2 <unfixed>
 CVE-2014-0230
 	RESERVED
 CVE-2014-0229
@@ -16683,7 +16682,6 @@
 CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...)
 	{DSA-2989-1}
 	- apache2 2.4.10-1
-	[squeeze] - apache2 <unfixed>
 CVE-2014-0225 [Information disclosure via SSRF]
 	RESERVED
 	- libspring-java 3.0.6.RELEASE-14 (low; bug #753470)
@@ -17098,7 +17096,6 @@
 CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate ...)
 	{DSA-2989-1}
 	- apache2 2.4.10-1
-	[squeeze] - apache2 <unfixed>
 CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...)
 	- apache2 2.4.10-1
 	[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
@@ -20647,7 +20644,6 @@
 	NOTE: http://martin.swende.se/blog/HTTPChunked.html
 CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
 	- apache2 2.4.10-2 (medium)
-	[squeeze] - apache2 <unfixed>
 	NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
 	NOTE: Patch at https://github.com/apache/httpd/commit/bd34b9d92894b7fc01810fc11a059fa30067e431#diff-381c180d963fb4507c77d80edb208224
 CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2014-09-22 09:45:48 UTC (rev 28951)
+++ data/dsa-needed.txt	2014-09-22 10:11:35 UTC (rev 28952)
@@ -12,8 +12,6 @@
 If needed, specify the release by adding a slash after the name of the source package.
 
 --
-apache2
---
 asterisk
 --
 libgcrypt11 (carnil)

More information about the Secure-testing-commits mailing list