[Secure-testing-commits] r33082 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 23 15:51:06 UTC 2015
Author: jmm
Date: 2015-03-23 15:51:06 +0000 (Mon, 23 Mar 2015)
New Revision: 33082
Modified:
data/CVE/list
Log:
libjbcrypt-java, non-free unrar/rar no-dsa
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-23 15:16:18 UTC (rev 33081)
+++ data/CVE/list 2015-03-23 15:51:06 UTC (rev 33082)
@@ -16,7 +16,6 @@
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69085
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/20/14
- TODO: check
CVE-2015-XXXX [Improve the message-splitting algorithm for PRIVMSG and CTCP]
- quassel <unfixed> (bug #781024)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
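Review bot: the removal of "TODO: check" under the php5 <unfixed> entry is not covered by the log message, which names only libjbcrypt-java, the unrar/rar no-dsa lines and NFUs. Mention the TODO cleanup in the log (or commit it separately) so the triage decision for this entry can be found from the history.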
@@ -1529,7 +1528,6 @@
- libopensaml2-java <unfixed> (bug #780383)
NOTE: Only change between 2.6.4 and 2.6.5 seems http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/metadata/provider/AbstractReloadingMetadataProvider.java?r1=1656&r2=1680
NOTE: http://shibboleth.net/community/advisories/secadv_20150225.txt
- TODO: check
CVE-2015-1795
RESERVED
- glusterfs <not-affected> (Vulnerable code specific to glusterfs.spec and not present in source in Debian)
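Review bot: dropping "TODO: check" from the libopensaml2-java entry leaves behind a NOTE that is still hedged ("Only change between 2.6.4 and 2.6.5 seems ...") while the package stays at <unfixed>. If that diff has been confirmed as the fix, reword the NOTE to say so; otherwise keep the TODO until it is.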
@@ -1863,13 +1861,13 @@
CVE-2015-1637 (Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, ...)
NOT-FOR-US: Microsoft
CVE-2015-1636 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2015-1635
RESERVED
CVE-2015-1634 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft SharePoint
CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook ...)
TODO: check
CVE-2015-1631 (Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows ...)
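Review bot: the two SharePoint XSS entries are tagged differently, CVE-2015-1636 as "NOT-FOR-US: Microsoft" and CVE-2015-1633 as "NOT-FOR-US: Microsoft SharePoint". Use one form for both. CVE-2015-1632 (errorfe.aspx in Outlook ...) directly below still carries "TODO: check" and could be triaged in the same pass.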
@@ -2783,9 +2781,11 @@
NOT-FOR-US: Gecko CMS
CVE-2015-XXXX [symlink directory traversal]
- unrar-nonfree (bug #774171)
+ [jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
CVE-2015-XXXX [symlink directory traversal]
- rar <unfixed> (bug #774172)
+ [jessie] - rar <no-dsa> (Non-free not supported)
[wheezy] - rar <no-dsa> (Non-free not supported)
CVE-2015-XXXX [regular expression denial of service]
- node-marked <unfixed> (unimportant)
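Review bot: the context line "- unrar-nonfree (bug #774171)" carries no status tag, whereas the matching rar entry reads "- rar <unfixed> (bug #774172)". Since this hunk already touches the unrar-nonfree entry, add the status there so the new jessie <no-dsa> line sits under a complete package line.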
@@ -3732,39 +3732,39 @@
CVE-2015-1085
RESERVED
CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, ...)
- TODO: check
+ NOT-FOR-US: Safari
CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1082 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1081 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1080 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1079 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1078 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1077 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1076 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1075 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1074 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1073 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1072 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1071 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1070 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1069 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
- TODO: check
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
TODO: check
CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
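Review bot: CVE-2015-1083 through CVE-2015-1068 put a triage rationale into the NOT-FOR-US field ("if anything of this affects Chromium, the Chrome sec team will know and fix"), which marks the issues as not ours while conceding that a package in the archive may be affected. Keep the field to the product name and move the rationale to a NOTE: line, so a later search for open Chromium exposure still finds these entries. The product is spelled "WebKit" in the CVE descriptions but "Webkit" in the added lines, and CVE-2015-1084 is tagged "Safari" although its description also names WebKit; pick one convention for the block.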
@@ -4598,6 +4598,7 @@
NOT-FOR-US: SEIL routers
CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching ...)
- libjbcrypt-java <unfixed> (bug #780102)
+ [jessie] - libjbcrypt-java <no-dsa> (Minor issue)
[wheezy] - libjbcrypt-java <no-dsa> (Minor issue)
[squeeze] - libjbcrypt-java <no-dsa> (Minor issue)
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
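Review bot: the added [jessie] line repeats "Minor issue" without recording why an integer overflow in the crypt_raw key-stretching method qualifies as minor. A short NOTE: line with the reasoning (or a pointer to bug #780102 if it is discussed there) would let the no-dsa decision be re-checked for all three suites.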
@@ -5098,21 +5099,21 @@
CVE-2015-0668
RESERVED
CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0666
RESERVED
CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0664 (The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0663 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0662 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated ...)
NOT-FOR-US: Cisco
CVE-2015-0660 (Cisco Virtual TelePresence Server Software does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
NOT-FOR-US: Cisco
CVE-2015-0658