[Secure-testing-commits] r32582 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 2 18:18:32 UTC 2015
Author: jmm
Date: 2015-03-02 18:18:32 +0000 (Mon, 02 Mar 2015)
New Revision: 32582
Modified:
data/CVE/list
Log:
xterm non-issue
rope no-dsa
neutron already fixed a long time ago
kgb-bot short of actionable information so far, setting to undetermined until the reporter provides further information
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-02 18:15:00 UTC (rev 32581)
+++ data/CVE/list 2015-03-02 18:18:32 UTC (rev 32582)
@@ -18,9 +18,6 @@
- putty 0.63-10
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
NOTE: https://www.trustmatta.com/advisories/MATTA-2015-002.txt (not yet published)
-CVE-2015-XXXX [buffer overflow with -S option]
- - xterm 312-2 (bug #779397)
- TODO: check security impact
CVE-2015-2172 [DokuWiki privilege escalation in RPC API]
- dokuwiki <unfixed> (bug #779547)
NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
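Review bot: the three removed lines for the xterm CVE-2015-XXXX entry take with them the only reference to bug #779397 and the open "TODO: check security impact", so the list no longer shows that the -S overflow was looked at or why it was judged a non-issue. The commit log only says "xterm non-issue"; the reasoning should be recorded somewhere a later triager will find it, for example in the bug report itself.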
@@ -2097,7 +2094,7 @@
NOT-FOR-US: typo3 extension
CVE-2015-1554 [can be crashed by some network traffic]
RESERVED
- - kgb-bot <unfixed> (bug #776424)
+ - kgb-bot <undetermined> (bug #776424)
CVE-2014-XXXX [Digest authentification never replay Ldap requests]
- squid <undetermined>
- squid3 3.4.8-6 (bug #776464)
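Review bot: the change of kgb-bot to `<undetermined>` carries no NOTE, so the reason (waiting for further information from the reporter, per the commit log) is visible only in the revision history. Suggest adding a NOTE line under the CVE-2015-1554 entry saying that more details were requested in bug #776424, so it is clear what is needed to move the entry out of this state.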
@@ -21168,6 +21165,7 @@
CVE-2014-3539 [pickle.load of remotely supplied data with no authentication required]
RESERVED
- rope <unfixed> (bug #777525)
+ [jessie] - rope <no-dsa> (Minor issue)
[squeeze] - rope <no-dsa> (Minor issue)
[wheezy] - rope <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1116485
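Review bot: the added `[jessie] - rope <no-dsa> (Minor issue)` line sits under an entry titled "pickle.load of remotely supplied data with no authentication required", and "Minor issue" on its own does not explain why that is low severity. Suggest a NOTE with the reasoning (for example, under which conditions the affected code path is reachable), which would also document the existing squeeze and wheezy lines.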
@@ -33031,7 +33029,8 @@
CVE-2013-6433 (The default configuration in the Red Hat openstack-neutron package ...)
- quantum <removed>
[wheezy] - quantum <no-dsa> (Minor issue)
- - neutron <unfixed>
+ - neutron 2014.1-1
+ NOTE: Likely fixed even earlier than 2014.1-1, but that was the oldest version checked
CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
- linux 3.12.6-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
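Review bot: `- neutron 2014.1-1` records the oldest version that was checked, not a confirmed first fixed version, as the added NOTE itself says, so earlier neutron uploads are treated as affected without that having been verified. The NOTE could also state what was checked (which default configuration setting or which upstream change), so the fixed version can be tightened later without repeating the analysis.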