[Secure-testing-commits] r32964 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 18 13:37:22 UTC 2015
Author: carnil
Date: 2015-03-18 13:37:22 +0000 (Wed, 18 Mar 2015)
New Revision: 32964
Modified:
data/CVE/list
Log:
Clean up CVE request entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-18 13:30:47 UTC (rev 32963)
+++ data/CVE/list 2015-03-18 13:37:22 UTC (rev 32964)
@@ -19,7 +19,7 @@
- php5 <unfixed> (bug #780713)
NOTE: https://bugs.php.net/bug.php?id=69253
NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/18/1
+ NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
CVE-2015-2330 [WebKitGTK+ late TLS certificate verification]
- webkitgtk <unfixed> (unimportant)
NOTE: Not covered by security support
@@ -129,7 +129,7 @@
- openssl 0.9.8k-1
NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/16/4
+ NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
CVE-2015-2298 [information leak]
RESERVED
- etherpad-lite <itp> (bug #576998)
@@ -1849,7 +1849,7 @@
- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/1
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1
CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and ...)
{DSA-3177-1 DLA-170-1}
- mod-gnutls 0.6-1.3 (bug #578663)
@@ -1995,7 +1995,7 @@
NOTE: No security impact in nvi/vigor and openrpt
NOTE: http://www.kb.cert.org/vuls/id/695940
NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/16/8
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/16/8
CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
- nut 2.7.2-2 (low; bug #777706)
[wheezy] - nut <no-dsa> (Minor issue)
@@ -2176,7 +2176,7 @@
NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/04/10
+ NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
{DSA-3188-1}
- freetype 2.5.2-3 (bug #777656)
@@ -2306,7 +2306,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: Upstream patch: https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
NOTE: https://www.mantisbt.org/bugs/view.php?id=19301
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/10
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/10
NOTE: CVE for specific portion of the original May 2014 adm_config_report.php discovery
NOTE: that remains present in version 1.2.18 and 1.2.19
CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
@@ -2399,7 +2399,7 @@
- linux-2.6 <removed>
[squeeze] - linux-2.6 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/13
+ NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
- libfcgi 2.4.0-8.3 (bug #681591)
More information about the Secure-testing-commits
mailing list