[Secure-testing-commits] r31280 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 12 06:17:49 UTC 2015
Author: jmm
Date: 2015-01-12 06:17:48 +0000 (Mon, 12 Jan 2015)
New Revision: 31280
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
mantis no-dsa
privoxy bug
add p7zip to dsa-needed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-11 22:08:51 UTC (rev 31279)
+++ data/CVE/list 2015-01-12 06:17:48 UTC (rev 31280)
@@ -879,12 +879,13 @@
[wheezy] - weboob <no-dsa> (Minor issue)
CVE-2015-1042 [Incomplete fix for CVE-2014-6316 in 1.2.18]
- mantis <removed>
+ [wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <not-affected> (Incomplete fix not applied)
CVE-2015-1031 [use-after-free]
- - privoxy <unfixed>
+ - privoxy <unfixed> (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
CVE-2015-1030 [memory leak when rejecting client connections]
- - privoxy <unfixed>
+ - privoxy <unfixed> (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
CVE-2015-XXXX [cpio directory traversal]
- cpio <unfixed> (low; bug #774669)
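Review bot: The new "[wheezy] - mantis <no-dsa> (Minor issue)" line under CVE-2015-1042 gives no reason why an incomplete fix for CVE-2014-6316 counts as minor for wheezy. A NOTE line stating the reasoning, or pointing at how CVE-2014-6316 was triaged for wheezy, would make the decision checkable later. Separately, CVE-2015-1031 and CVE-2015-1030 now both reference bug #775167; please confirm that one report covers both the use-after-free and the memory leak.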
@@ -1322,7 +1323,7 @@
CVE-2014-9482 [dwarfdump use after free]
RESERVED
- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/12/31/3
+ NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...)
{DSA-3117-1}
- php5 <unfixed>
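Review bot: Dropping the "CVE request" prefix from the NOTE line under CVE-2014-9482 is not covered by the log message (mantis no-dsa, privoxy bug, add p7zip to dsa-needed), and the same edit recurs in the glpi, nullmailer, wordpress and dnsmasq hunks of this revision. Either mention the cleanup in the log or commit it separately, so the triage changes in r31280 stay easy to find in the history.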
@@ -13134,7 +13135,7 @@
CVE-2014-5032 [glpi: unprivileged users can access cost information]
RESERVED
- glpi <unfixed> (unimportant)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/07/22/6
+ NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have ...)
{DSA-2990-1 DLA-0022-1}
@@ -34644,7 +34645,7 @@
CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable ...)
- nullmailer 1:1.11-2 (low; bug #684619)
[squeeze] - nullmailer <no-dsa> (Minor issue)
- NOTE: CVE request originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
+ NOTE: CVE originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
NOTE: had the same problem until 1:1.11-2
CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, ...)
- keystone 2013.1.3-1 (bug #719290)
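Review bot: Style point on the reworded nullmailer NOTE: the line still writes "gentoo" in lowercase while the CVE-2013-4223 description directly above uses "Gentoo", and the sentence still breaks mid-clause across two NOTE lines. Since the line is being touched anyway, capitalise the name and consider breaking after the comma so each NOTE line reads on its own.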
@@ -46033,15 +46034,15 @@
CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode ...)
- wordpress 3.5.1+dfsg-1 (bug #698929)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
- wordpress 3.5.1+dfsg-1 (bug #698927)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to ...)
- wordpress 3.5.1+dfsg-1 (bug #698916)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
@@ -46152,7 +46153,7 @@
- dnsmasq 2.66-1 (low)
[wheezy] - dnsmasq <no-dsa> (Minor issue)
[squeeze] - dnsmasq <no-dsa> (Minor issue)
- NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/18/2
+ NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2
CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the ...)
- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2015-01-11 22:08:51 UTC (rev 31279)
+++ data/dsa-needed.txt 2015-01-12 06:17:48 UTC (rev 31280)
@@ -34,6 +34,8 @@
NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
(#744717)
--
+p7zip
+--
rpm (jmm)
--
ruby1.9.1
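Review bot: The new p7zip entry in data/dsa-needed.txt carries no NOTE and no claimant, and nothing in the data/CVE/list hunks of this revision mentions p7zip, so the reason a DSA is needed cannot be traced from this commit. Add a NOTE line under "p7zip" naming the CVE id or bug number that motivates it, in the same way the entry above records "regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466".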