[Secure-testing-commits] r32032 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Feb 6 17:31:49 UTC 2015
Author: jmm
Date: 2015-02-06 17:31:49 +0000 (Fri, 06 Feb 2015)
New Revision: 32032
Modified:
data/CVE/list
Log:
add jqueryui to dsa-needed
one jqueryui issue n/a
record earlier fixed version for glibc issue
new rabbitmq issue (no-dsa)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-06 17:31:22 UTC (rev 32031)
+++ data/CVE/list 2015-02-06 17:31:49 UTC (rev 32032)
@@ -356,11 +356,11 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/29/23
CVE-2013-7424 [Invalid-free when using getaddrinfo()]
RESERVED
- - glibc 2.19-4
- - eglibc 2.17-2
+ - glibc 2.15-1
+ - eglibc 2.15-1
NOTE: http://seclists.org/oss-sec/2015/q1/306
NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
- NOTE: 2.19-4 first version after the eglibc -> glibc rename which was in unstable
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2015-1421 [net: sctp: slab corruption from use after free on INIT collisions]
RESERVED
- linux 3.16.7-ckt4-3
@@ -1993,9 +1993,9 @@
CVE-2015-0863
RESERVED
CVE-2015-0862 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
- - rabbitmq-server <unfixed>
+ - rabbitmq-server 3.4.3-1
+ [wheezy] - rabbitmq-server <no-dsa> (Minor issue)
[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
- TODO: check
CVE-2015-0861
RESERVED
CVE-2015-0860
@@ -10312,6 +10312,7 @@
RESERVED
CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content option ...)
- jqueryui 1.10.1+dfsg-1
+ [wheezy] - jqueryui <not-affected> (ui.tooltip not yet present)
[squeeze] - jqueryui <not-affected> (code not present)
NOTE: http://bugs.jqueryui.com/ticket/8861
NOTE: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
More information about the Secure-testing-commits
mailing list