[Secure-testing-commits] r32826 - data/CVE

Thu Mar 12 18:49:14 UTC 2015

Author: jmm
Date: 2015-03-12 18:49:14 +0000 (Thu, 12 Mar 2015)
New Revision: 32826

Modified:
   data/CVE/list
Log:
various no-dsa


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-03-12 18:20:29 UTC (rev 32825)
+++ data/CVE/list	2015-03-12 18:49:14 UTC (rev 32826)
@@ -2763,7 +2763,8 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
 CVE-2014-9645 [modprobe wrongly accepts paths as module names]
 	RESERVED
-	- busybox 1:1.22.0-15 (bug #776186)
+	- busybox 1:1.22.0-15 (low; bug #776186)
+	[jessie] - busybox <no-dsa> (Minor issue)
 	[wheezy] - busybox <no-dsa> (Minor issue)
 	[squeeze] - busybox <no-dsa> (Minor issue)
 	NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
@@ -3504,7 +3505,7 @@
 	NOTE: Applies to 0.8, but in different file (utvideo.c)
 	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
 	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
-	NOTE: Pending for 11.3
+	NOTE: Pending for 11.3 and 0.8.17
 CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
 	- ffmpeg 7:2.5.1-1
 	[squeeze] - ffmpeg <end-of-life>
@@ -21364,6 +21365,7 @@
 	RESERVED
 CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 ...)
 	- libspring-java <unfixed> (bug #769698)
+	[jessie] - libspring-java <no-dsa> (Minor issue)
 	[wheezy] - libspring-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
 	NOTE: https://jira.spring.io/browse/SPR-12354
@@ -21563,6 +21565,7 @@
 	RESERVED
 CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...)
 	- libspring-java <unfixed> (low; bug #760733)
+	[jessie] - libspring-java <no-dsa> (minor issue)
 	[wheezy] - libspring-java <no-dsa> (minor issue)
 	NOTE: Fixed in experimental with 3.2.12-1
 CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
@@ -21646,7 +21649,7 @@
 	[squeeze] - polarssl <no-dsa> (Minor issue)
 	[wheezy] - polarssl <no-dsa> (Minor issue)
 	- pound 2.6-6 (bug #765539)
-	[wheezy] - pound <unfixed>
+	[jessie] - pound <no-dsa> (Minor issue)
 	- surf <unfixed> (unimportant)
 	- tlslite <removed>
 	[wheezy] - tlslite <no-dsa> (Minor issue)


