[Secure-testing-commits] r31676 - data/CVE

[Michael Gilbert]

Author: mgilbert
Date: 2015-01-26 04:03:54 +0000 (Mon, 26 Jan 2015)
New Revision: 31676

Modified:
   data/CVE/list
Log:
some perl triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-26 02:54:03 UTC (rev 31675)
+++ data/CVE/list	2015-01-26 04:03:54 UTC (rev 31676)
@@ -2674,10 +2674,7 @@
 	[squeeze] - libsndfile <no-dsa> (Minor issue)
 	[wheezy] - libsndfile <no-dsa> (Minor issue)
 CVE-2014-XXXX [a2p: buffer overflow]
-	- perl <unfixed> (low; bug #769606)
-	[jessie] - perl <no-dsa> (Minor issue)
-	[squeeze] - perl <no-dsa> (Minor issue)
-	[wheezy] - perl <no-dsa> (Minor issue)
+	- perl <unfixed> (unimportant; bug #769606)
 CVE-2014-9486
 	REJECTED
 CVE-2014-9497 [Buffer overflow]
@@ -55031,7 +55028,7 @@
 	RESERVED
 CVE-2012-3878 [Perl require Directive Path Subversion Arbitrary Module / File Loading Weakness]
 	RESERVED
-	- perl <undetermined>
+	- perl <unfixed> (unimportant; bug #776270)
 	NOTE: http://osvdb.org/show/osvdb/106565
 CVE-2012-3877
 	RESERVED
@@ -67479,7 +67476,7 @@
 	NOT-FOR-US: perl Batch::BatchRun CPAN module
 CVE-2011-4116
 	RESERVED
-	- perl <unfixed> (unimportant)
+	- perl <unfixed> (unimportant; bug #776268)
 	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
 CVE-2011-4115
 	RESERVED
@@ -75261,8 +75258,9 @@
 	{DSA-2223-1}
 	- doctrine 1.2.4-1 (bug #622674)
 CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...)
-	- perl <unfixed> (unimportant; bug #628836)
+	- perl 5.20.1-1 (unimportant; bug #628836)
 	NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
+	NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked
 CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in ...)
 	- libpng 1.2.39-1 (unimportant)
 CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions ...)