[Secure-testing-commits] r32458 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Feb 24 16:23:44 UTC 2015
Author: hertzog
Date: 2015-02-24 16:23:37 +0000 (Tue, 24 Feb 2015)
New Revision: 32458
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Mark the piwigo package as end-of-life, cf #779104
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-24 16:23:02 UTC (rev 32457)
+++ data/CVE/list 2015-02-24 16:23:37 UTC (rev 32458)
@@ -358,8 +358,12 @@
NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8 (v2.6.14-rc3)
CVE-2015-2035 (SQL injection vulnerability in the administrative backend in Piwigo ...)
- piwigo <removed>
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
- piwigo <removed>
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1878
RESERVED
CVE-2015-1876
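Review bot: The NOTE added under CVE-2015-2035 and CVE-2015-2034 cites the request only as a bare "#779104", without saying which tracker it belongs to, while the neighbouring NOTE lines carry full URLs. Suggest writing it as "bug #779104" or as https://bugs.debian.org/779104 so the reference resolves without context. Since the same NOTE is repeated under every piwigo entry in this commit, the wording should be settled once and applied to all of them.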
@@ -1200,6 +1204,8 @@
NOT-FOR-US: Redaxscript
CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters ...)
- piwigo <removed>
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1516
RESERVED
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
@@ -1680,6 +1686,8 @@
NOTE: Different from CVE-2014-9637
CVE-2015-1441 (SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before ...)
- piwigo <removed>
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
NOTE: http://piwigo.org/releases/2.7.3
CVE-2015-1433 (program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...)
- roundcube 0.9.5+dfsg1-4.2 (low; bug #776700)
@@ -6157,6 +6165,8 @@
RESERVED
CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in ...)
- piwigo <removed>
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 ...)
NOT-FOR-US: PFX Engagement
CVE-2014-9111
@@ -18044,10 +18054,12 @@
NOTE: http://bugs.python.org/issue21766
CVE-2014-4649 (SQL injection vulnerability in the photo-edit subsystem in Piwigo ...)
- piwigo <removed> (low)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4648 (Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact ...)
- piwigo <removed> (low)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4642
REJECTED
CVE-2014-4641
@@ -18364,11 +18376,13 @@
NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/pycadf/commit/?id=966d4410a1a69e0a3af678442a1a965dae80d720 (pycadf)
CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo ...)
- piwigo <removed> (low)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Minor issue)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4613
RESERVED
- piwigo <removed> (low)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Minor issue)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4510 (Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng ...)
- apt-cacher-ng 0.7.26-2
[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
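Review bot: The two added lines for CVE-2014-4614 and CVE-2014-4613 read "[squeeze] - piwigo <end-of-life> (Minor issue)", whereas every other hunk in this commit uses "(Unsupported in squeeze-lts)". The "(Minor issue)" reason looks carried over from the removed <no-dsa> lines and does not explain an end-of-life state; suggest changing both to "(Unsupported in squeeze-lts)" for consistency. Separately, CVE-2014-4613 is still marked RESERVED while carrying package entries, which may be worth a NOTE explaining why it is tracked against piwigo.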
@@ -19791,7 +19805,8 @@
NOT-FOR-US: Raritan Japan Dominion KX2-101 switches
CVE-2014-3900 (Cross-site scripting (XSS) vulnerability in admin/picture_modify.php ...)
- piwigo <removed>
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...)
NOT-FOR-US: Gretech GOM Player
CVE-2014-3898 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView ...)
@@ -25197,7 +25212,8 @@
RESERVED
CVE-2014-1980 (Cross-site scripting (XSS) vulnerability in ...)
- piwigo <removed> (low)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2014-1979 (The NTT DOCOMO sp mode mail application 5900 through 6300 for Android ...)
NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1978 (The application link interface in the NTT DOCOMO sp mode mail ...)
@@ -46423,11 +46439,13 @@
NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before ...)
- piwigo <removed>
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
- piwigo <removed>
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
RESERVED
@@ -61715,10 +61733,12 @@
NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
- piwigo <removed> (bug #685364)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
- piwigo <removed> (bug #685364)
- [squeeze] - piwigo <no-dsa> (Minor issue)
+ [squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2207
RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2015-02-24 16:23:02 UTC (rev 32457)
+++ data/dla-needed.txt 2015-02-24 16:23:37 UTC (rev 32458)
@@ -62,8 +62,6 @@
--
phpmyadmin
--
-piwigo
---
qemu
--
qt4-x11 (iESDebian)