[Secure-testing-commits] r31433 - in data: . CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Jan 17 16:19:45 UTC 2015


Author: jmm
Date: 2015-01-17 16:19:45 +0000 (Sat, 17 Jan 2015)
New Revision: 31433

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
add to dsa-needed: unace, ruby1.8
no-dsa: python-imaging, check-mk, pax, roundcube
filed bug for roundcube


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-17 15:57:04 UTC (rev 31432)
+++ data/CVE/list	2015-01-17 16:19:45 UTC (rev 31433)
@@ -514,6 +514,8 @@
 	NOTE: https://www.sqlite.org/src/info/a59ae93ee990a55
 CVE-2015-XXXX [directory traversal]
 	- pax <unfixed> (bug #774716)
+	[squeeze] - pax <no-dsa> (Minor issue)
+	[wheezy] - pax <no-dsa> (Minor issue)
 	NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/01/12/4
 CVE-2015-XXXX [directory traversal]
 	- kgb <unfixed> (bug #774989)
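Review bot: The pax `<unfixed>` line carries no urgency even though both releases are now tagged `<no-dsa> (Minor issue)`; the arj entries later in this same commit get `low` added alongside their no-dsa tags. For consistency consider `- pax <unfixed> (low; bug #774716)`, or add a NOTE saying why the urgency is left unset here.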
@@ -1455,7 +1457,9 @@
 	[wheezy] - lftp <no-dsa> (Minor issue)
 CVE-2014-9587 [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins]
 	RESERVED
-	- roundcube <unfixed>
+	- roundcube <unfixed> (bug #775576)
+	[squeeze] - roundcube <no-dsa> (Minor issue)
+	[wheezy] - roundcube <no-dsa> (Minor issue)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
 CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
 	- wireshark <unfixed>
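Review bot: `(Minor issue)` on the two roundcube no-dsa lines gives no reason specific to CVE-2014-9587, whose description covers CSRF against address book operations and the ACL and Managesieve plugins. A short NOTE stating why this is acceptable for squeeze and wheezy would let a later reader re-check the triage without opening bug #775576.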
@@ -1724,6 +1728,7 @@
 CVE-2015-XXXX [DoS]
 	- pillow <unfixed>
 	- python-imaging <removed>
+	[wheezy] - python-imaging <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
 	NOTE: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
 	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142055745031061&w=2
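Review bot: Only `[wheezy]` gets a no-dsa line for python-imaging, whereas the pax, roundcube and arj hunks in this commit tag both squeeze and wheezy. If squeeze is intentionally left out, a `[squeeze]` line or a NOTE saying so would make that explicit, since the `<removed>` entry alone does not say which releases still carry the package.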
@@ -1811,10 +1816,14 @@
 	[squeeze] - arc <no-dsa> (Minor issue)
 CVE-2015-0557 [directory traversal via //multiple/leading/slash]
 	RESERVED
-	- arj <unfixed> (bug #774435)
+	- arj <unfixed> (low; bug #774435)
+	[squeeze] - arj <no-dsa> (Minor issue)
+	[wheezy] - arj <no-dsa> (Minor issue)
 CVE-2015-0556 [symlink directory traversal]
 	RESERVED
-	- arj <unfixed> (bug #774434)
+	- arj <unfixed> (low; bug #774434)
+	[squeeze] - arj <no-dsa> (Minor issue)
+	[wheezy] - arj <no-dsa> (Minor issue)
 CVE-2014-9529 (Race condition in the key_gc_unused_keys function in ...)
 	{DSA-3128-1}
 	- linux 3.16.7-ckt4-1
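Review bot: The commit log lists no-dsa for python-imaging, check-mk, pax and roundcube, but this hunk also marks arj no-dsa for squeeze and wheezy under CVE-2015-0557 and CVE-2015-0556 and sets urgency `low` on both `<unfixed>` lines. Naming arj in the log would let the triage decision be found from the commit history.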
@@ -12903,6 +12912,7 @@
 	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
 CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite ...)
 	- check-mk <unfixed> (bug #758883)
+	[wheezy] - check-mk <no-dsa> (Minor issue)
 	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=076468b10e660abdeaaaa6c459a4aa3ce8e07
 CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not ...)
 	NOT-FOR-US: WordPress plugin Mobile Pack

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2015-01-17 15:57:04 UTC (rev 31432)
+++ data/dsa-needed.txt	2015-01-17 16:19:45 UTC (rev 31433)
@@ -48,6 +48,8 @@
 --
 requests
 --
+ruby1.8
+--
 ruby1.9.1
   (no-dsa issues CVE-2013-2065 and CVE-2014-4975 could be fixed along)
 --
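Review bot: The new `ruby1.8` entry names neither the issue that needs the DSA nor a claimant, while the adjacent `ruby1.9.1` entry carries a parenthetical listing its CVEs. Adding an indented line with the CVE ids that triggered this would save the next person a search through data/CVE/list, which has no ruby1.8 hunk in this commit.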
@@ -61,6 +63,8 @@
 --
 typo3-src
 --
+unace
+--
 unrtf (carnil)
 --
 wireshark



