Author: jmm
Date: 2014-12-08 17:43:52 +0000 (Mon, 08 Dec 2014)
New Revision: 30594

Modified:
   data/CVE/list
   data/DSA/list
Log:
jenkins, cinder,nova no-dsa for jessie
add missing CVE ID to icedove DSA
ganglia unimportant
xen n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-08 17:40:39 UTC (rev 30593)
+++ data/CVE/list       2014-12-08 17:43:52 UTC (rev 30594)
@@ -568,13 +568,13 @@
 CVE-2014-9066 [XSA-111]
        RESERVED
        - xen <unfixed>
-       [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-       TODO: check
+       [wheezy] - xen <not-affected> (Only affects 4.2 and later)
+       [squeeze] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-9065 [XSA-114]
        RESERVED
        - xen <unfixed>
-       [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-       TODO: check
+       [wheezy] - xen <not-affected> (Only affects 4.2 and later)
+       [squeeze] - xen <not-affected> (Only affects 4.2 and later)
 CVE-2014-9064
        RESERVED
 CVE-2014-9063
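Review bot: the four added `<not-affected> (Only affects 4.2 and later)` lines under CVE-2014-9066 and CVE-2014-9065 carry a version claim with no pointer to its source, and the removed `TODO: check` was the only trace that this still needed verifying. Add a `NOTE:` line under each entry referencing the XSA-111 / XSA-114 advisory text that states the affected Xen versions, so the triage decision can be re-checked later.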
@@ -14111,9 +14111,8 @@
 CVE-2014-3665
        RESERVED
        - jenkins <unfixed> (bug #767541)
-       [jessie] - jenkins 1.565.3-3
+       [jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is 
documented as such)
        NOTE: For jessie, the backport is too intrusive and since it's a 
cornercase, it's only documented, 
-       NOTE: marking that version as fixed, for unstable we'll record the 
actual new version with the code fix
        NOTE: 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
 CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 
1.583 ...)
        - jenkins 1.565.3-1 (bug #763899)
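Review bot: in the CVE-2014-3665 entry the kept line `NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,` still ends in a comma, but the NOTE that continued it is removed here, so the sentence now trails off. End it with a full stop, or drop it in favour of the new `<no-dsa>` reason, which already says the same thing, so the entry does not carry two overlapping explanations.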
@@ -26610,9 +26609,9 @@
        - python-swiftclient 1:2.0.2-1 (bug #730626)
        NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
 CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in 
Ganglia Web ...)
-       - ganglia-web <unfixed> (bug #730507)
+       - ganglia-web <unfixed> (unimportant; bug #730507)
        [squeeze] - ganglia <not-affected> (Vulnerable code not present)
-       [wheezy] - ganglia <no-dsa> (Minor issue)
+       NOTE: See README.Debian.security, only supported behind an 
authenticated HTTP zone, #702776
        - ganglia 3.6.0-1
        NOTE: ganglia-web and ganglia are now two separate source packages
        NOTE: starting with 3.6.0-1 the web front is no longer built from 
src:ganglia so marking this version as fixed
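Review bot: the `unimportant` marker is added to the `ganglia-web` line, but the removed `[wheezy] - ganglia <no-dsa> (Minor issue)` line was for `ganglia`, whose `- ganglia 3.6.0-1` line is unchanged and not marked unimportant. As written, the entry no longer states a wheezy status for `ganglia`; either keep the `[wheezy]` line or mark the `ganglia` line itself. The new `NOTE:` would also read better grouped with the other NOTE lines, with `#702776` written as `bug #702776` to match the bug references already in this entry.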
@@ -37290,10 +37289,12 @@
 CVE-2013-2255 [Inconsistent and non-validating HTTPS client]
        RESERVED
        - cinder <unfixed>
+       [jessie] - cinder <no-dsa> (Minor issue)
        - keystone 2014.1-1
        [wheezy] - keystone <no-dsa> (Minor issue)
        - nova <unfixed>
        [wheezy] - nova <no-dsa> (Minor issue)
+       [jessie] - nova <no-dsa> (Minor issue)
        - quantum <unfixed>
        [wheezy] - quantum <no-dsa> (Minor issue)
        - swift <not-affected> (See 
https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
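Review bot: the new `[jessie] - nova <no-dsa> (Minor issue)` line is placed after the `[wheezy]` line, while the xen entries in the first hunk of this commit list the newer release first (`[wheezy]` before `[squeeze]`); move it above `[wheezy] - nova` for consistency. The reason `Minor issue` on both the cinder and nova lines also gives no hint why a non-validating HTTPS client is minor for jessie; a short specific reason or a `NOTE:` would help whoever triages this entry next.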

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2014-12-08 17:40:39 UTC (rev 30593)
+++ data/DSA/list       2014-12-08 17:43:52 UTC (rev 30594)
@@ -1,5 +1,5 @@
 [07 Dec 2014] DSA-3092-1 icedove - security update
-       {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594}
+       {CVE-2014-1587 CVE-2014-1590 CVE-2014-1592 CVE-2014-1593 CVE-2014-1594 
CVE-2014-3566}
        [wheezy] - icedove 31.3.0-1~deb7u1
 [07 Dec 2014] DSA-3091-1 getmail4 - security update
        {CVE-2014-7273 CVE-2014-7274 CVE-2014-7275}


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
