[Secure-testing-commits] r49574 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Mar 10 17:34:52 UTC 2017 

Author: jmm
Date: 2017-03-10 17:34:52 +0000 (Fri, 10 Mar 2017)
New Revision: 49574

Modified:
   data/CVE/list
Log:
NFUs
drop old dovecot entry; the functionality was broken anyway, so this wasn't a risk for all practical purposes, also never got a CVE assignment


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-10 17:16:31 UTC (rev 49573)
+++ data/CVE/list	2017-03-10 17:34:52 UTC (rev 49574)
@@ -49333,7 +49333,7 @@
 	[squeeze] - xen <not-affected> (Only affects Xen on arm)
 	NOTE: http://xenbits.xen.org/xsa/advisory-158.html
 CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Bamboo
 CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...)
 	- linux 4.2.6-2
 	[jessie] - linux 3.16.7-ckt20-1+deb8u1
@@ -50383,13 +50383,6 @@
 	NOT-FOR-US: SAP
 CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
 	- steam <not-affected> (specific to the steam installor on windows)
-CVE-2015-XXXX [buffer overflow with handling pop3_deleted_flag setting]
-	- dovecot 1:2.2.21-1 (bug #803223)
-	[jessie] - dovecot <no-dsa> (Affected functionality unusable)
-	[wheezy] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
-	[squeeze] - dovecot <not-affected> (Bug with pop3_deleted_flag introduced in 2.2.10)
-	NOTE: http://hg.dovecot.org/dovecot-2.2/rev/05e0700daea3
-	TODO: The link in the previous line is broken. Please, consider replacing it. Error: 404
 CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c ...)
 	- linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
@@ -77401,8 +77394,6 @@
 	[wheezy] - imagemagick <no-dsa> (Minor issue)
 	[squeeze] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
-	NOTE: Upstream commit: http://trac.imagemagick.org/changeset/16765
-	TODO: The link in the previous line is broken. Please, consider replacing it. Error: Name or service not known
 CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]
 	RESERVED
 	- imagemagick 8:6.8.9.9-1 (bug #764872)
@@ -135851,9 +135842,7 @@
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
 CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
-	TODO: check
-	NOTE: It's not clear if this issue is in Geronimo itself,
-	NOTE: or in the servlet container it uses.
+	NOT-FOR-US: Apache Geronimo
 CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security & ...)
 	NOT-FOR-US: ConfigServer Security & Firewall
 CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to ...)

More information about the Secure-testing-commits mailing list