[Secure-testing-commits] r33654 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Apr 17 17:22:24 UTC 2015
Author: jmm
Date: 2015-04-17 17:22:24 +0000 (Fri, 17 Apr 2015)
New Revision: 33654
Modified:
data/CVE/list
Log:
multiple no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-17 17:13:58 UTC (rev 33653)
+++ data/CVE/list 2015-04-17 17:22:24 UTC (rev 33654)
@@ -37,10 +37,10 @@
RESERVED
[experimental] - gnutls28 3.3.14-1
- gnutls28 <unfixed>
- - gnutls26 <removed>
+ [jessie] - gnutls28 <no-dsa> (Minor issue)
+ - gnutls26 <not-affected> (Introduced in 3.3.0)
NOTE: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
NOTE: https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
- TODO: check version
CVE-2015-3305
RESERVED
CVE-2015-3304
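Review bot: The new gnutls26 line claims not-affected with "(Introduced in 3.3.0)", but neither of the two NOTE lines in this entry says which change introduced the issue, and the "TODO: check version" line is dropped in the same hunk. Add a NOTE recording the source for the 3.3.0 boundary so the not-affected status can be re-checked later.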
@@ -1094,6 +1094,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
- caja <unfixed> (bug #781608)
+ [jessie] - caja <no-dsa> (Minor issue)
NOTE: https://github.com/mate-desktop/caja/issues/398
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 [Bypass of file blacklist]
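Review bot: The added jessie line for caja gives only "(Minor issue)" as its reason, which says nothing specific to a bug that automounts removable media while the session is locked. A short concrete rationale in the parentheses, in the style of the gst-plugins-bad0.10 line in this same commit, would let a later reader judge whether the no-dsa decision still holds.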
@@ -2293,6 +2294,7 @@
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
CVE-2015-XXXX [Insufficient escaping in user manager allows XSS attack]
- dokuwiki 0.0.20140929.d-1 (bug #780817)
+ [jessie] - dokuwiki <no-dsa> (Minor issue)
[wheezy] - dokuwiki <no-dsa> (Minor issue)
[squeeze] - dokuwiki <no-dsa> (Minor issue)
CVE-2015-XXXX [Incorrect fix for CVE-2012-1836]
@@ -3352,7 +3354,10 @@
NOT-FOR-US: Acobot Live Chat & Contact Form plugin for WordPress
CVE-2015-XXXX [_IO_wstr_overflow integer overflow]
- eglibc <removed>
+ [wheezy] - eglibc <no-dsa> (Minor issue)
+ [squeeze] - eglibc <no-dsa> (Minor issue)
- glibc <unfixed> (bug #779587)
+ [jessie] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/22/15
@@ -3739,8 +3744,10 @@
NOT-FOR-US: ember.js
CVE-2015-1865 ["time of check to time of use" race condition fts.c]
RESERVED
- - coreutils <unfixed>
- TODO: check
+ - coreutils <unfixed> (low)
+ [jessie] - coreutils <no-dsa> (Minor issue)
+ [wheezy] - coreutils <no-dsa> (Minor issue)
+ [squeeze] - coreutils <no-dsa> (Minor issue)
CVE-2015-1864
RESERVED
- kallithea <itp> (bug #689573)
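Review bot: With "TODO: check" removed, the CVE-2015-1865 entry has no bug number and no NOTE line, so the "(low)" urgency on the coreutils line and the three no-dsa tags have nothing to trace back to. Add a NOTE with the report or discussion the check was based on, and a bug reference if one exists.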
@@ -4407,6 +4414,9 @@
CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /]
RESERVED
- cabextract 1.6-1 (bug #778753)
+ [jessie] - cabextract <no-dsa> (Minor issue)
+ [wheezy] - cabextract <no-dsa> (Minor issue)
+ [squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
NOTE: CVE assigned for issue were path traversal occurs because the unpatched
@@ -7380,6 +7390,7 @@
RESERVED
{DSA-3225-1}
- gst-plugins-bad0.10 <unfixed>
+ [jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
CVE-2015-0796
RESERVED
CVE-2015-0795
@@ -9511,6 +9522,7 @@
NOT-FOR-US: MiniBB
CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the ...)
- dokuwiki 0.0.20140929.d-1 (bug #773429)
+ [jessie] - dokuwiki <no-dsa> (Minor issue)
[wheezy] - dokuwiki <no-dsa> (Minor issue)
[squeeze] - dokuwiki <no-dsa> (Minor issue)
NOTE: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960