[Secure-testing-commits] r32496 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Feb 25 18:53:43 UTC 2015
Author: jmm
Date: 2015-02-25 18:53:43 +0000 (Wed, 25 Feb 2015)
New Revision: 32496
Modified:
data/CVE/list
Log:
libidn non-issue
add upstream fix for apache/lua
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-25 18:49:56 UTC (rev 32495)
+++ data/CVE/list 2015-02-25 18:53:43 UTC (rev 32496)
@@ -1461,13 +1461,8 @@
- jabberd2 <unfixed> (bug #779154)
NOTE: https://github.com/jabberd2/jabberd2/issues/85
NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
- TODO: check
CVE-2015-2059
- RESERVED
- - libidn <unfixed>
- NOTE: https://github.com/jabberd2/jabberd2/issues/85
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
- TODO: check
+ NOTE: Mis-use of an API (even if poorly documented) is hardly a security issue
CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...)
- openldap 2.4.40-4 (bug #776988)
[wheezy] - openldap <no-dsa> (Minor issue)
@@ -3629,8 +3624,8 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
CVE-2015-0833
RESERVED
- - iceweasel <not-affected> (specific to Firefox on Windows)
- - icedove <not-affected> (specific to Thunderbird on Windows)
+ - iceweasel <not-affected> (Specific to Firefox on Windows)
+ - icedove <not-affected> (Specific to Thunderbird on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
CVE-2015-0832
RESERVED
@@ -3653,7 +3648,7 @@
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
CVE-2015-0828
RESERVED
- - iceweasel <not-affected> (Does not affect ESR version)
+ - iceweasel <not-affected> (Doesn't affect the memory allocator used in the Debian builds)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
CVE-2015-0827
RESERVED
@@ -6961,6 +6956,7 @@
- apache2 <unfixed> (low)
[wheezy] - apache2 <not-affected> (no mod_lua in 2.2)
[squeeze] - apache2 <not-affected> (no mod_lua in 2.2)
+ NOTE: https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote ...)
- wss4j 1.6.15-2 (bug #777741)
CVE-2015-0226
More information about the Secure-testing-commits
mailing list