[Secure-testing-commits] r31223 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jan 9 17:01:40 UTC 2015 

Author: jmm
Date: 2015-01-09 17:01:40 +0000 (Fri, 09 Jan 2015)
New Revision: 31223

Modified:
   data/CVE/list
Log:
mark libv8 issues as unimportant since they are not covered by security support
  (the maintainers want to keep the bugs open in the BTS and tag them -ignore,
   but for the security tracker we keep the existing method to mark unsupported
   packages as unimportant)
zoo, xbindkeys-config no-dsa for jessie


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-09 15:54:36 UTC (rev 31222)
+++ data/CVE/list	2015-01-09 17:01:40 UTC (rev 31223)
@@ -385,6 +385,7 @@
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
 CVE-2015-XXXX [Zoo directory traversal]
 	- zoo <unfixed> (low; bug #774453)
+	[jessie] - zoo <no-dsa> (Minor issue)
 	[wheezy] - zoo <no-dsa> (Minor issue)
 	[squeeze] - zoo <no-dsa> (Minor issue)
 CVE-2015-XXXX [buffer over-read]
@@ -406,6 +407,7 @@
 CVE-2014-9513 [insecure use of temporary files]
 	RESERVED
 	- xbindkeys-config <unfixed> (bug #772473)
+	[jessie] - xbindkeys-config <no-dsa> (Minor issue)
 	[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
 	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
 CVE-2014-9495 [Heap Overflow]
@@ -21274,7 +21276,8 @@
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	- libv8 <removed>
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -21282,7 +21285,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2014-1703 (Use-after-free vulnerability in the ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -27172,7 +27176,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -27242,7 +27247,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
 	{DSA-2862-1}
 	- chromium-browser 32.0.1700.123-1
@@ -27250,7 +27256,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2013-6648
 	RESERVED
 CVE-2013-6647
@@ -27298,9 +27305,10 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
 	- chromium-browser 31.0.1650.63-1
 	[squeeze] - chromium-browser <end-of-life>
+	NOTE: libv8 not covered by security support
 CVE-2013-6637 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2811-1}
 	- chromium-browser 31.0.1650.63-1
@@ -36885,7 +36893,8 @@
 	- libv8 <unfixed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2013-2918 (Use-after-free vulnerability in the ...)
 	{DSA-2785-1}
 	- chromium-browser 30.0.1599.101-1
@@ -37039,7 +37048,8 @@
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
-	- libv8-3.14 <unfixed> (bug #773671)
+	- libv8-3.14 <unfixed> (unimportant; bug #773671)
+	NOTE: libv8 not covered by security support
 CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
 	{DSA-2732-1}
 	- chromium-browser 28.0.1500.95-1

More information about the Secure-testing-commits mailing list