[Secure-testing-commits] r31691 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Jan 26 12:29:50 UTC 2015


Author: jmm
Date: 2015-01-26 12:29:50 +0000 (Mon, 26 Jan 2015)
New Revision: 31691

Modified:
   data/CVE/list
Log:
mark open node-* issues as unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-26 12:08:03 UTC (rev 31690)
+++ data/CVE/list	2015-01-26 12:29:50 UTC (rev 31691)
@@ -14,9 +14,10 @@
 	NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/24/2
 CVE-2015-XXXX
-	- node-marked <unfixed>
+	- node-marked <unfixed> (unimportant)
 	NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
 	NOTE: https://github.com/chjj/marked/issues/492
+        NOTE: libv8 is not covered by security support
 CVE-2013-7421 [Linux kernel crypto api unprivileged arbitrary module load]
 	- linux <unfixed>
 	- linux-2.6 <removed>
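Review bot: the added "NOTE: libv8 is not covered by security support" line in the node-marked entry is indented with eight spaces, while the existing NOTE lines around it are indented with a tab. Use a leading tab so the entry matches the rest of the file. The NOTE lines added in the two later hunks have the same space indentation.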
@@ -793,7 +794,8 @@
 CVE-2014-9634 [Secure flag not set]
 	- jenkins 1.565.3-3 (bug #769682)
 CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...)
-	- node-serve-static <unfixed> (bug #775843)
+	- node-serve-static <unfixed> (unimportant; bug #775843)
+        NOTE: libv8 is not covered by security support
 	NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
 	NOTE: https://github.com/expressjs/serve-static/issues/26
 CVE-2015-1048 (Open redirect vulnerability in the integrated web server on Siemens ...)
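Review bot: in the node-serve-static entry the new NOTE sits between the package line and the existing reference NOTEs, whereas in the node-marked hunk it is appended after them. Pick one position and use it in both entries. The note also gives only libv8's support status as the reason, while the CVE description places the open redirect in the serve-static plugin, so it would help to state in the note how this package relates to libv8.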
@@ -13527,7 +13529,8 @@
 	NOTE: http://article.gmane.org/gmane.comp.web.haproxy/18097
 	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c
 CVE-2014-5256 (Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider ...)
-	- nodejs <unfixed> (bug #760385)
+	- nodejs <unfixed> (unimportant; bug #760385)
+        NOTE: libv8 is not covered by security support
 CVE-2014-7402 (The SK encar (aka com.encardirect.app) application @7F050000 for ...)
 	NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android
 CVE-2013-7402 (Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x ...)
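Review bot: this hunk changes the "nodejs" package line, but the log message describes the commit as marking "node-* issues", a pattern that "nodejs" does not match. Name nodejs explicitly in the log message so the revision turns up when searching the history for that package.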



