[Secure-testing-commits] r33800 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Fri Apr 24 10:01:09 UTC 2015


Author: hertzog
Date: 2015-04-24 10:01:09 +0000 (Fri, 24 Apr 2015)
New Revision: 33800

Modified:
   data/CVE/list
Log:
Mark a bunch of old CVE as <end-of-life> in squeeze

The tracker JSON output was listing those CVE as open in squeeze-lts
because squeeze-security still contains vulnerable versions of the
packages. Their removal has been requested in #782499 but this will
hide them from my view in the meantime.

Those issues had likely been fixed through squeeze-pu but the fixed
packages are gone from squeeze now and only the vulnerable packages remain
in squeeze-security.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-24 09:12:16 UTC (rev 33799)
+++ data/CVE/list	2015-04-24 10:01:09 UTC (rev 33800)
@@ -4808,6 +4808,7 @@
 CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...)
 	{DSA-3183-1}
 	- movabletype-opensource <removed>
+	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
 CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in ...)
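Review bot: the parenthetical on the added `[squeeze] - movabletype-opensource <end-of-life>` line gives only the generic reason "Not supported in Squeeze LTS", while the log says the actual trigger is that squeeze-security still carries the package pending its removal in #782499. Consider referencing that bug in the entry, for example in a `NOTE:` line, so that someone reading data/CVE/list later can tell why the line was added without having to find this commit.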
@@ -7460,6 +7461,7 @@
 CVE-2015-0845 (Format string vulnerability in Movable Type Pro, Open Source, and ...)
 	{DSA-3227-1}
 	- movabletype-opensource <removed>
+	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
 CVE-2015-0844 (The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x ...)
 	{DSA-3218-1 DLA-202-1}
@@ -10339,6 +10341,7 @@
 CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
 	{DSA-3183-1}
 	- movabletype-opensource <removed> (bug #774192)
+	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://movabletype.org/news/2014/12/6.0.6.html
 	NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html
 CVE-2014-9056
@@ -18313,6 +18316,7 @@
 CVE-2014-6275
 	RESERVED
 	- fusionforge 5.3.2-1
+	[squeeze] - fusionforge <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
 CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted]
 	RESERVED
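Review bot: CVE-2014-6275 had no `[squeeze]` line before this change, so the log's explanation that previously fixed packages disappeared from squeeze does not cover this entry, and nothing here says whether the squeeze version of fusionforge was ever checked against the issue. Either say in the log that some entries are newly annotated rather than converted, or add a short `NOTE:` stating that the squeeze version was not assessed.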
@@ -31448,7 +31452,7 @@
 CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	- spip 3.0.13-1 (bug #736170)
 	[wheezy] - spip 2.1.17-1+deb7u3
-	[squeeze] - spip 2.1.1-3squeeze8
+	[squeeze] - spip <end-of-life> (Not supported in Squeeze LTS)
 CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before ...)
 	NOT-FOR-US: Drupal contrib
 CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
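Review bot: replacing `[squeeze] - spip 2.1.1-3squeeze8` removes the only record of the version that was tracked as fixing CVE-2013-7303 in squeeze, and the log itself says only that these issues had "likely" been fixed through squeeze-pu. Keeping the old version in a `NOTE:` line under the new `<end-of-life>` entry would preserve that history. The same applies to the zabbix and bugzilla replacements in the later hunks.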
@@ -38713,7 +38717,7 @@
 CVE-2013-5743
 	RESERVED
 	- zabbix 1:2.0.8+dfsg-2
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
+	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 CVE-2013-5742
 	RESERVED
 CVE-2013-5741 (Triangle Research International (aka Tri) Nano-10 PLC devices with ...)
@@ -51010,7 +51014,7 @@
 	[squeeze] - bcron 0.09-11+squeeze1
 CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before ...)
 	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
+	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
 CVE-2013-1363
 	RESERVED
@@ -75566,7 +75570,7 @@
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and ...)
 	- bugzilla <removed> (low)
-	[squeeze] - bugzilla 3.6.2.0-4.5
+	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS ...)
 	- iceweasel <not-affected> (MacOS specific)
@@ -75611,7 +75615,7 @@
 	[squeeze] - iceape <not-affected> (Only affects Firefox >= 4)
 CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x ...)
 	- bugzilla <removed> (low)
-	[squeeze] - bugzilla 3.6.2.0-4.5
+	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3656
 	RESERVED
@@ -76842,14 +76846,14 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
 	- zabbix 1:1.8.9-1
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
+	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
 	- zabbix 1:1.8.6-1 (unimportant)
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
+	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Installation path is known anyway for the Debian package
 CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...)
 	- zabbix 1:1.8.6-1
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
+	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
 CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...)
 	{DSA-2337-1}
 	- xen 4.1.1-1



