[Secure-testing-commits] r33237 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Mar 29 17:26:39 UTC 2015


Author: jmm
Date: 2015-03-29 17:26:39 +0000 (Sun, 29 Mar 2015)
New Revision: 33237

Modified:
   data/CVE/list
Log:
dokuwiki no-dsa
mark cups as unimportant
vlc n/a in wheezy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-29 14:15:31 UTC (rev 33236)
+++ data/CVE/list	2015-03-29 17:26:39 UTC (rev 33237)
@@ -869,6 +869,8 @@
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
 CVE-2015-XXXX [Insufficient escaping in user manager allows XSS attack]
 	- dokuwiki 0.0.20140929.d-1 (bug #780817)
+	[wheezy] - dokuwiki <no-dsa> (Minor issue)
+	[squeeze] - dokuwiki <no-dsa> (Minor issue)
 CVE-2015-XXXX [Incorrect fix for CVE-2012-1836]
 	- inspircd 2.0.16-1 (bug #780880)
 	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
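Review bot: The two added dokuwiki lines give "(Minor issue)" as the only reason for <no-dsa>, and the entry has no NOTE explaining why the user manager XSS is judged minor for wheezy and squeeze. The entry is still CVE-2015-XXXX and its only reference is bug #780817, so a short NOTE with the rationale (or a pointer to the upstream fix) would let a later triager confirm the decision without reopening the bug.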
@@ -11692,10 +11694,9 @@
 	NOT-FOR-US: Red Hat vdms and vdsclient
 CVE-2014-8166 [code execution via unescape ANSI escape sequences]
 	RESERVED
-	- cups <unfixed> (low)
-	[wheezy] - cups <no-dsa> (Minor issue)
-	[squeeze] - cups <no-dsa> (Minor issue)
+	- cups <unfixed> (unimportant)
 	NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761
+        NOTE: Terminal emulators need to perform proper escaping
 CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the ...)
 	- powerpc-utils <not-affected> (Vulnerable code not present)
 	NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
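Review bot: The added line "NOTE: Terminal emulators need to perform proper escaping" is indented with eight spaces, while every other line in this entry uses a single tab; switching it to a tab keeps the file consistent. Since the note is the only justification for moving cups from (low) to (unimportant) and dropping the per-release <no-dsa> lines, it could also say explicitly that the issue is therefore not treated as a cups bug.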
@@ -15914,7 +15915,7 @@
 CVE-2014-6440 [Heap Overflow in VLC Transcode Module]
 	RESERVED
 	- vlc 2.1.5-1 (low)
-	[wheezy] - vlc <no-dsa> (Minor issue)
+	[wheezy] - vlc <not-affected> (Introduced in 2.1)
 	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in ...)
 	- elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
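Review bot: The changed wheezy line states "(Introduced in 2.1)" without a reference, and the entry has no NOTE pointing at the upstream change that introduced the vulnerable transcode code. Adding a NOTE with that reference would make the <not-affected> status verifiable. If the claim holds, the squeeze line left as <end-of-life> in the context below may warrant the same <not-affected> status.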



