[Secure-testing-commits] r35452 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Tue Jul 14 03:39:37 UTC 2015 

Author: benh
Date: 2015-07-14 03:39:35 +0000 (Tue, 14 Jul 2015)
New Revision: 35452

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze-lts

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-13 20:11:05 UTC (rev 35451)
+++ data/CVE/list	2015-07-14 03:39:35 UTC (rev 35452)
@@ -5457,18 +5457,22 @@
 CVE-2015-3275 [Javascript injection in SCORM module]
 	RESERVED
 	- moodle <unfixed> (bug #792242)
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
 CVE-2015-3274 [Possible XSS through custom text profile fields in Web Services]
 	RESERVED
 	- moodle <unfixed> (bug #792242)
+	[squeeze] - moodle <not-affected> (Only similar function looks like the fixed version)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
 CVE-2015-3273 [Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum]
 	RESERVED
 	- moodle <not-affected> (Affects only 2.9)
+	[squeeze] - moodle <not-affected> (Affects only 2.9)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220
 CVE-2015-3272 [Possible phishing when redirecting to external site using referer header]
 	RESERVED
 	- moodle <unfixed> (bug #792242)
+	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
 CVE-2015-3271
 	RESERVED
@@ -8157,11 +8161,13 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
 CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
 	- quassel 1:0.10.0-2.3 (bug #781024)
+	[squeeze] - quassel <unfixed>
 	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
 	TODO: check affected versions
 CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when ...)
 	- quassel 1:0.10.0-2.3 (bug #781024)
+	[squeeze] - quassel <unfixed>
 	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
 	TODO: check affected versions
@@ -23776,8 +23782,12 @@
 CVE-2014-6438
 	RESERVED
 	- ruby1.9.1 1.9.3.0-1
+	[squeeze] - ruby1.9.1 <unfixed>
+	[squeeze] - ruby1.8 <not-affected> (Vulnerable code not present)
 	NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
 	NOTE: https://github.com/ruby/www.ruby-lang.org/issues/817
+	NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
+	NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
 CVE-2014-6437
 	RESERVED
 CVE-2014-6436

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-07-13 20:11:05 UTC (rev 35451)
+++ data/dla-needed.txt	2015-07-14 03:39:35 UTC (rev 35452)
@@ -65,6 +65,10 @@
 --
 wesnoth-1.8
 --
+ruby1.9.1 (Ben Hutchings)
+--
+quassel
+--

More information about the Secure-testing-commits mailing list