[Secure-testing-commits] r31932 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Feb 3 15:24:49 UTC 2015
Author: jmm
Date: 2015-02-03 15:24:48 +0000 (Tue, 03 Feb 2015)
New Revision: 31932
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
add icu and pound to dsa-needed
no-dsa: archmage, xchat, xchat-gnome
drop wpa issue to be rejected
php non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-03 14:31:36 UTC (rev 31931)
+++ data/CVE/list 2015-02-03 15:24:48 UTC (rev 31932)
@@ -58,6 +58,8 @@
NOTE: libv8 is not covered by security support
CVE-2015-XXXX [directory traversal]
- archmage 1:0.2.4-4 (bug #776164)
+ [squeeze] - archmage <no-dsa> (Minor issue)
+ [wheezy] - archmage <no-dsa> (Minor issue)
CVE-2015-1419 (Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote ...)
- vsftpd <unfixed> (bug #776922)
NOTE: http://seclists.org/oss-sec/2015/q1/389
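Review bot: The two added archmage lines mark a directory traversal as `<no-dsa> (Minor issue)` for squeeze and wheezy without recording why it is minor. A NOTE under the entry stating the reasoning, or pointing to the discussion in bug #776164, would let a later triager confirm the decision without redoing the analysis.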
@@ -185,7 +187,11 @@
NOTE: http://downloads.digium.com/pub/security/AST-2015-001.html
CVE-2013-XXXX [don't properly verify SSL certificates]
- xchat <unfixed> (bug #776609)
+ [squeeze] - xchat <no-dsa> (Minor issue)
+ [wheezy] - xchat <no-dsa> (Minor issue)
- xchat-gnome <unfixed>
+ [squeeze] - xchat-gnome <no-dsa> (Minor issue)
+ [wheezy] - xchat-gnome <no-dsa> (Minor issue)
- hexchat <unfixed>
NOTE: https://github.com/hexchat/hexchat/issues/524
NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
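Review bot: In the certificate verification entry, xchat and xchat-gnome both get [squeeze] and [wheezy] no-dsa tags, but the hexchat line below them stays `<unfixed>` with no per-release triage. If hexchat is present in either release it should get the same tags, or a NOTE saying why it is treated differently. A NOTE explaining why missing SSL certificate verification counts as a minor issue would also help.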
@@ -697,9 +703,9 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353 [PHP int overflow]
RESERVED
- - php5 <undetermined>
+ - php5 <unfixed> (unimportant)
+ NOTE: Not a security issue, plain bug
NOTE: https://github.com/MegaManSec/php-src/commit/a538d2f5605798422f2746636ecdc300f8ebcaa1
- TODO: check
CVE-2015-XXXX [off-by-one buffer under-read in mspack/lzxd.c]
- libmspack 0.5-1 (bug #775499)
CVE-2014-XXXX [null pointer dereference on a crafted CAB]
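Review bot: The added `NOTE: Not a security issue, plain bug` on CVE-2015-1353 cites no source for that assessment, and the only reference left in the entry is a commit in the MegaManSec/php-src fork. Since the `TODO: check` line is dropped in the same change, add a link to the upstream bug or discussion that supports the (unimportant) classification, so the conclusion stays verifiable while the id is still RESERVED.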
@@ -5161,8 +5167,6 @@
NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
CVE-2015-0210 [wpa_supplicant: broken certificate subject check]
RESERVED
- - wpa <unfixed>
- - wpasupplicant <removed>
NOTE: likely to be REJECTed
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0210
CVE-2015-0209
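Review bot: Removing both `- wpa <unfixed>` and `- wpasupplicant <removed>` leaves CVE-2015-0210 with no package line, while the remaining note only says it is likely to be REJECTed. If the id is not rejected after all, nothing in this entry ties it back to wpa. A `TODO: check` line would make sure the entry is revisited once the rejection is confirmed.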
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2015-02-03 14:31:36 UTC (rev 31931)
+++ data/dsa-needed.txt 2015-02-03 15:24:48 UTC (rev 31932)
@@ -14,6 +14,8 @@
--
asterisk
--
+icu
+--
imagemagick
no-dsa bugs CVE-2014-8354 CVE-2014-8355 CVE-2014-8562 CVE-2014-8716
should be fixed along
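Review bot: The new icu entry does not say which issues need the DSA, unlike the imagemagick entry right below it, which names the CVEs to be fixed along. Adding the CVE ids as a note under icu would tell whoever picks it up what the update has to cover.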
@@ -50,6 +52,8 @@
--
phpmyadmin (thijs)
--
+pound (thijs)
+--
ruby1.8
--
ruby1.9.1