Author: jmm
Date: 2014-12-08 17:43:52 +0000 (Mon, 08 Dec 2014)
New Revision: 30594
Modified: data/CVE/list data/DSA/list Log: jenkins, cinder,nova no-dsa for jessie add missing CVE ID to icedove DSA ganglia unimportant xen n/a Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-12-08 17:40:39 UTC (rev 30593) +++ data/CVE/list 2014-12-08 17:43:52 UTC (rev 30594) @@ -568,13 +568,13 @@ CVE-2014-9066 [XSA-111] RESERVED - xen <unfixed> - [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) - TODO: check + [wheezy] - xen <not-affected> (Only affects 4.2 and later) + [squeeze] - xen <not-affected> (Only affects 4.2 and later) CVE-2014-9065 [XSA-114] RESERVED - xen <unfixed> - [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) - TODO: check + [wheezy] - xen <not-affected> (Only affects 4.2 and later) + [squeeze] - xen <not-affected> (Only affects 4.2 and later) CVE-2014-9064 RESERVED CVE-2014-9063 @@ -14111,9 +14111,8 @@ CVE-2014-3665 RESERVED - jenkins <unfixed> (bug #767541) - [jessie] - jenkins 1.565.3-3 + [jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such) NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented, - NOTE: marking that version as fixed, for unstable we'll record the actual new version with the code fix NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30 CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 1.583 ...) - jenkins 1.565.3-1 (bug #763899) 
@@ -26610,9 +26609,9 @@ - python-swiftclient 1:2.0.2-1 (bug #730626) NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783 CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...) - - ganglia-web <unfixed> (bug #730507) + - ganglia-web <unfixed> (unimportant; bug #730507) [squeeze] - ganglia <not-affected> (Vulnerable code not present) - [wheezy] - ganglia <no-dsa> (Minor issue) + NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776 - ganglia 3.6.0-1 NOTE: ganglia-web and ganglia are now two separate source packages NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed @@ -37290,10 +37289,12 @@ CVE-2013-2255 [Inconsistent and non-validating HTTPS client] RESERVED - cinder <unfixed> + [jessie] - cinder <no-dsa> (Minor issue) - keystone 2014.1-1 [wheezy] - keystone <no-dsa> (Minor issue) - nova <unfixed> [wheezy] - nova <no-dsa> (Minor issue) + [jessie] - nova <no-dsa> (Minor issue) - quantum <unfixed> [wheezy] - quantum <no-dsa> (Minor issue) - swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5) Modified: data/DSA/list =================================================================== --- data/DSA/list 2014-12-08 17:40:39 UTC (rev 30593) +++ data/DSA/list 2014-12-08 17:43:52 UTC (rev 30594) @@ -1,5 +1,5 @@ [07 Dec 2014] DSA-3092-1 icedove - security update - {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594} + {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 CVE-2014-3566} [wheezy] - icedove 31.3.0-1~deb7u1 [07 Dec 2014] DSA-3091-1 getmail4 - security update {CVE-2014-7273 CVE-2014-7274 CVE-2014-7275} _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
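Review bot: the new `<not-affected> (Only affects 4.2 and later)` tags on CVE-2014-9066 and CVE-2014-9065 (data/CVE/list, hunk at -568) carry no NOTE saying where the 4.2 boundary comes from, and the `TODO: check` they replace is dropped in the same change. Suggest a NOTE line under each entry pointing at the XSA-111 and XSA-114 advisories so the claim can be re-verified later, especially since the squeeze tag changes from `<end-of-life>` to `<not-affected>`.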
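Review bot: in the CVE-2014-3665 entry (data/CVE/list, hunk at -14111), deleting the second NOTE line leaves the first one ending mid-sentence: `NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,`. End that line with a full stop, or drop it in favour of the new `<no-dsa>` reason, which already states the same rationale.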
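Review bot: in the CVE-2013-6395 entry (data/CVE/list, hunk at -26610), `unimportant` is added to the `ganglia-web` line only, while `[wheezy] - ganglia <no-dsa> (Minor issue)` is deleted and the `- ganglia 3.6.0-1` line keeps no severity. If the README.Debian.security rationale is meant to cover src:ganglia in wheezy too, mark the ganglia line the same way or keep a wheezy tag, so that wheezy's ganglia does not lose its triage state. The new NOTE also cites `#702776` without the `bug` prefix used for `bug #730507` in the same entry.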
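Review bot: in the CVE-2013-2255 entry (data/CVE/list, hunk at -37290), the new `[jessie] - nova <no-dsa> (Minor issue)` line is placed after the `[wheezy]` line, whereas the xen hunk in this same commit lists the newer release first (`[wheezy]` before `[squeeze]`). Put the jessie tag above the wheezy one for consistency. The `quantum <unfixed>` line gets no jessie tag and the log mentions only cinder and nova, so a word on whether that omission is intentional would help.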