[Secure-testing-commits] r33910 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Apr 28 12:41:43 UTC 2015
Author: carnil
Date: 2015-04-28 12:41:43 +0000 (Tue, 28 Apr 2015)
New Revision: 33910
Modified:
data/CVE/list
Log:
Add TODO for two quassel CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-28 11:30:08 UTC (rev 33909)
+++ data/CVE/list 2015-04-28 12:41:43 UTC (rev 33910)
@@ -1,7 +1,8 @@
CVE-2015-3427 [Incomplete fix for CVE-2013-4422]
- - quassel <not-affected> (Incomplete fix not applied and Postgres support not enabled in Debian, see #552374)
+ - quassel <unfixed>
NOTE: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
NOTE: http://quassel-irc.org/node/120
+ TODO: Needs to be re-evaluated
CVE-2015-3420 [remote DoS on TLS connections]
- dovecot <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
@@ -42238,7 +42239,8 @@
CVE-2013-4423
RESERVED
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
- - quassel <not-affected> (Postgres support not enabled in Debian, see #552374)
+ - quassel <unfixed>
+ TODO: Needs to be re-evaluated, #552374 claims Postgres support is not enabled in Debian
CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server before ...)
- dropbear 2012.55-1.4 (low; bug #726019)
[squeeze] - dropbear <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list