[Secure-testing-commits] r49574 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Mar 10 17:34:52 UTC 2017
Author: jmm
Date: 2017-03-10 17:34:52 +0000 (Fri, 10 Mar 2017)
New Revision: 49574
Modified:
data/CVE/list
Log:
NFUs
drop old dovecot entry; the functionality was broken anyway, so this wasn't a risk for all practical purposes, also never got a CVE assignment
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-10 17:16:31 UTC (rev 49573)
+++ data/CVE/list 2017-03-10 17:34:52 UTC (rev 49574)
@@ -49333,7 +49333,7 @@
[squeeze] - xen <not-affected> (Only affects Xen on arm)
NOTE: http://xenbits.xen.org/xsa/advisory-158.html
CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
- TODO: check
+ NOT-FOR-US: Atlassian Bamboo
CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...)
- linux 4.2.6-2
[jessie] - linux 3.16.7-ckt20-1+deb8u1
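Review bot: The NFU tag on CVE-2014-9757 names only Atlassian Bamboo, while the description line locates the flaw in "The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo". Before closing the "TODO: check", confirm that the Smack library itself is not shipped in the archive. If it is not, naming both in the tag (for example "NOT-FOR-US: Ignite Realtime Smack as used in Atlassian Bamboo") records that the library was considered and not just the product.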
@@ -50383,13 +50383,6 @@
NOT-FOR-US: SAP
CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
- steam <not-affected> (specific to the steam installor on windows)
-CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
- - dovecot 1:2.2.21-1 (bug #803223)
- [jessie] - dovecot <no-dsa> (Affected functionality unusable)
- [wheezy] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
- [squeeze] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
- NOTE: http://hg.dovecot.org/dovecot-2.2/rev/05e0700daea3
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: 404
CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c ...)
- linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
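Review bot: Deleting the whole CVE-2015-XXXX dovecot block also removes the only place in data/CVE/list that ties bug #803223 to the fixed version 1:2.2.21-1 and to the per-release status lines for jessie, wheezy and squeeze. The reason for dropping it exists only in the commit log. If the entry has to go because it never got a CVE assignment, consider first checking that bug #803223 itself carries the fixed version and the "introduced in 2.2.10" detail, so the history stays reachable from the bug report.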
@@ -77401,8 +77394,6 @@
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
- NOTE: Upstream commit: http://trac.imagemagick.org/changeset/16765
- TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]
RESERVED
- imagemagick 8:6.8.9.9-1 (bug #764872)
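Review bot: Removing "NOTE: Upstream commit: http://trac.imagemagick.org/changeset/16765" together with its broken-link TODO drops the only pointer to the upstream fix for this entry, leaving just the int21.de write-up. The changeset number is still useful for locating the fix even though the host no longer resolves. Suggest keeping it as a plain note without the URL, or replacing the URL with a working one, and removing only the TODO line.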
@@ -135851,9 +135842,7 @@
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
- TODO: check
- NOTE: It's not clear if this issue is in Geronimo itself,
- NOTE: or in the servlet container it uses.
+ NOT-FOR-US: Apache Geronimo
CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security & ...)
NOT-FOR-US: ConfigServer Security & Firewall
CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to ...)
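Review bot: The two removed NOTE lines on CVE-2011-5034 recorded an open question ("It's not clear if this issue is in Geronimo itself, or in the servlet container it uses."), and the replacement "NOT-FOR-US: Apache Geronimo" closes the entry without saying how that question was answered. If the issue turned out to be in Geronimo itself, a one-line NOTE saying so would justify the tag. If it is in the servlet container, that component needs its own check against the archive before this is marked NFU.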