[Secure-testing-commits] r31217 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jan 9 13:30:05 UTC 2015


Author: jmm
Date: 2015-01-09 13:30:05 +0000 (Fri, 09 Jan 2015)
New Revision: 31217

Modified:
   data/CVE/list
Log:
ha no-dsa
nodejs issue was tracked down to libv8
cgminer not affected by cpuminer


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-09 13:08:33 UTC (rev 31216)
+++ data/CVE/list	2015-01-09 13:30:05 UTC (rev 31217)
@@ -1,5 +1,7 @@
 CVE-2015-XXXX [directory traversal vulnerabilities]
-	- ha <unfixed> (bug #774954)
+	- ha <unfixed> (low; bug #774954)
+	[squeeze] - ha <no-dsa> (Minor issue)
+	[wheezy] - ha <no-dsa> (Minor issue)
 CVE-2015-XXXX [jar: directory traversal]
 	- openjdk-7 <unfixed> (bug #774953)
 	- openjdk-6 <undetermined>
@@ -7196,7 +7198,10 @@
 CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict ...)
 	NOT-FOR-US: Crumb
 CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
-	- nodejs <unfixed> (bug #773623)
+	- libv8 <removed>
+	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
+	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
+	- libv8-3.14 <unfixed> (bug #773623)
 CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
 	- node-qs 2.2.4-1
 	NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
@@ -9424,7 +9429,7 @@
 	[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
 	[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
 CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote ...)
-	- cgminer <unfixed> (bug #773624)
+	NOT-FOR-US: CPUMiner, related to cgminer according to #773624
 CVE-2014-6250
 	RESERVED
 CVE-2014-6249




More information about the Secure-testing-commits mailing list