[Secure-testing-commits] r32967 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2015-03-18 17:48:39 +0000 (Wed, 18 Mar 2015)
New Revision: 32967

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
add mono to dsa-needed
vlc no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-18 15:31:37 UTC (rev 32966)
+++ data/CVE/list	2015-03-18 17:48:39 UTC (rev 32967)
@@ -14808,8 +14808,9 @@
 	RESERVED
 CVE-2014-6440 [Heap Overflow in VLC Transcode Module]
 	RESERVED
-	- vlc 2.1.5-1
-	TODO: check
+	- vlc 2.1.5-1 (low)
+	[wheezy] - vlc <no-dsa> (Minor issue)
+	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in ...)
 	- elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
 CVE-2014-6438

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2015-03-18 15:31:37 UTC (rev 32966)
+++ data/dsa-needed.txt	2015-03-18 17:48:39 UTC (rev 32967)
@@ -28,6 +28,8 @@
 linux
   Wait until more severe issues have accumulated
 --
+mono
+--
 nss
   Red Hat has moved to 3.16 even in EL5, Ubuntu uses 3.17 across the LTSes, maybe we should follow that approach
 --