[Secure-testing-commits] r31217 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Jan 9 13:30:05 UTC 2015
Author: jmm
Date: 2015-01-09 13:30:05 +0000 (Fri, 09 Jan 2015)
New Revision: 31217
Modified:
data/CVE/list
Log:
ha no-dsa
nodejs issue was tracked down to libv8
cgminer not affected by cpuminer
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-09 13:08:33 UTC (rev 31216)
+++ data/CVE/list 2015-01-09 13:30:05 UTC (rev 31217)
@@ -1,5 +1,7 @@
CVE-2015-XXXX [directory traversal vulnerabilities]
- - ha <unfixed> (bug #774954)
+ - ha <unfixed> (low; bug #774954)
+ [squeeze] - ha <no-dsa> (Minor issue)
+ [wheezy] - ha <no-dsa> (Minor issue)
CVE-2015-XXXX [jar: directory traversal]
- openjdk-7 <unfixed> (bug #774953)
- openjdk-6 <undetermined>
@@ -7196,7 +7198,10 @@
CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict ...)
NOT-FOR-US: Crumb
CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
- - nodejs <unfixed> (bug #773623)
+ - libv8 <removed>
+ [wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
+ [squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+ - libv8-3.14 <unfixed> (bug #773623)
CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
- node-qs 2.2.4-1
NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
@@ -9424,7 +9429,7 @@
[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote ...)
- - cgminer <unfixed> (bug #773624)
+ NOT-FOR-US: CPUMiner, related to cgminer according to #773624
CVE-2014-6250
RESERVED
CVE-2014-6249
More information about the Secure-testing-commits
mailing list