[Secure-testing-commits] r23861 - data/CVE

2013-10-02 Thread Henri Salo
Author: fgeek-guest
Date: 2013-10-03 05:35:22 + (Thu, 03 Oct 2013)
New Revision: 23861

Modified:
   data/CVE/list
Log:
CVE-2013-4344 needs checking

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 21:19:57 UTC (rev 23860)
+++ data/CVE/list   2013-10-03 05:35:22 UTC (rev 23861)
@@ -3629,6 +3629,8 @@
- linux 
 CVE-2013-4344
RESERVED
+   - xen 
+   TODO: check
 CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux 
kernel ...)
- linux 
[wheezy] - linux  (Introduced in 3.8)
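Review bot: the package line is being added while CVE-2013-4344 is still RESERVED, and the version/state field after `- xen` is empty in the hunk, so the entry currently reads neither as fixed nor as unfixed; the `TODO: check` is the right placeholder, but the field should be filled once the advisory text is available so the entry does not sit in an ambiguous state.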


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r23859 - data/CVE

2013-10-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-02 21:19:54 + (Wed, 02 Oct 2013)
New Revision: 23859

Modified:
   data/CVE/list
Log:
Mark CVE-2013-4326/rtkit as no-dsa for wheezy

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 21:14:47 UTC (rev 23858)
+++ data/CVE/list   2013-10-02 21:19:54 UTC (rev 23859)
@@ -3683,6 +3683,7 @@
 CVE-2013-4326 [use of insecure polkit DBUS API]
RESERVED
- rtkit 0.10-3 (bug #723714)
+   [wheezy] - rtkit  (user can get realtime scheduling privileges)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux 
Imaging ...)
- hplip 3.13.9-1 (bug #723716)
 CVE-2013-4324 [Insecure calling of polkit via polkit_unix_process_new()]
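Review bot: the commit message says this marks rtkit as no-dsa for wheezy, but the added line shows only the package name followed by the parenthesised reason; no no-dsa marker is visible between `rtkit` and the parenthesis, so confirm it was actually committed. The reason text also describes the impact (user can get realtime scheduling privileges) rather than why no DSA is warranted; a rationale in the style of the `(Minor issue)` annotations used elsewhere in this file would be clearer.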



[Secure-testing-commits] r23860 - data

2013-10-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-02 21:19:57 + (Wed, 02 Oct 2013)
New Revision: 23860

Modified:
   data/dsa-needed.txt
Log:
Remove rtkit from dsa-needed list

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-02 21:19:54 UTC (rev 23859)
+++ data/dsa-needed.txt 2013-10-02 21:19:57 UTC (rev 23860)
@@ -83,8 +83,6 @@
 --
 qt4-x11/oldstable
 --
-rtkit/stable
---
 ruby1.8/oldstable
 --
 ruby1.9.1



[Secure-testing-commits] r23858 - data/CVE

2013-10-02 Thread Joey Hess
Author: joeyh
Date: 2013-10-02 21:14:47 + (Wed, 02 Oct 2013)
New Revision: 23858

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 16:14:49 UTC (rev 23857)
+++ data/CVE/list   2013-10-02 21:14:47 UTC (rev 23858)
@@ -1,3 +1,21 @@
+CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy 
logout ...)
+   TODO: check
+CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 
11.1.0 ...)
+   TODO: check
+CVE-2013-5974
+   RESERVED
+CVE-2013-5973
+   RESERVED
+CVE-2013-5972
+   RESERVED
+CVE-2013-5971
+   RESERVED
+CVE-2013-5970
+   RESERVED
+CVE-2013-5969
+   RESERVED
+CVE-2013-5968
+   RESERVED
 CVE-2013-5967
RESERVED
 CVE-2013-5966
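Review bot: the description of CVE-2013-5975 names F5 BIG-IP APM, a vendor appliance product rather than a Debian package, and CVE-2013-5976 (access policy logout page) reads as the same product, so both `TODO: check` lines can most likely be resolved to `NOT-FOR-US: F5 BIG-IP`, following the convention used for other vendor products further down in this diff (e.g. `NOT-FOR-US: D-Link`).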
@@ -456,8 +474,7 @@
 CVE-2013- [poppler / JPEG error handler]
- poppler 0.16.3-1 (bug #722705)
NOTE: CVE request: 
http://article.gmane.org/gmane.comp.security.oss.general/11132
-CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
-   RESERVED
+CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c 
in GNOME ...)
- vino  (low; bug #724545)
[wheezy] - vino  (Minor issue)
[squeeze] - vino  (Minor issue)
@@ -915,8 +932,7 @@
NOTE: patch for 4.0.13: 
https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
NOTE: still not clear why the split was done, but confirmed by upstream 
that this issue
NOTE: is covered by the fixes applied for CVE-2013-3371
-CVE-2013-5580 [denial of service (server crash)]
-   RESERVED
+CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result 
functions in ...)
- ngircd  (only affects 20, 20.1, and 20.2)
NOTE: 
http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
 CVE-2013-5576 [Joomla unauthorised uploads]
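Review bot: `- ngircd` has an empty version field and relies on the comment "only affects 20, 20.1, and 20.2" to convey suite status; if the versions in squeeze and wheezy fall outside that range, explicit per-suite lines in the `[wheezy] - xen (Only affects 4.3+)` style used later in this diff would state that directly instead of leaving it implied.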
@@ -2781,8 +2797,8 @@
RESERVED
 CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the 
SEIL/x86 ...)
NOT-FOR-US: PPP Access Concentrator
-CVE-2013-4708
-   RESERVED
+CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative 
Japan Inc. ...)
+   TODO: check
 CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with 
firmware ...)
NOT-FOR-US: D-Link
 CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with 
firmware ...)
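Review bot: CVE-2013-4708 is left at `TODO: check` although the adjacent CVE-2013-4709, for the same PPP Access Concentrator product, is already `NOT-FOR-US: PPP Access Concentrator`; the TODO can be resolved the same way rather than waiting for another triage pass.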
@@ -3542,8 +3558,7 @@
{DSA-2765-1}
- davfs2 1.4.7-3 (bug #723034)
NOTE: http://savannah.nongnu.org/bugs/?40034
-CVE-2013-4361 [Information leak through fbld instruction emulation]
-   RESERVED
+CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does 
not use ...)
- xen 
 CVE-2013-4360
RESERVED
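Review bot: the new description states that Xen 3.3.x through 4.3.x is affected, so unlike the neighbouring entries annotated "Only affects 4.3+" no suite exclusion applies here; since the version field after `- xen` is empty in the hunk, the unfixed/fixed state of the entry should be confirmed.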
@@ -3566,8 +3581,7 @@
- xen 
[wheezy] - xen  (Only affects 4.3+)
[squeeze] - xen  (Only affects 4.3+)
-CVE-2013-4355 [Information leaks through I/O instruction emulation]
-   RESERVED
+CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, 
which ...)
- xen 
 CVE-2013-4354 [Glance image creation in other tenant accounts]
RESERVED
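Review bot: the removed placeholder title "Information leaks through I/O instruction emulation" is more specific than the MITRE text "does not properly handle certain errors" that replaces it; keeping the original title in a NOTE line would preserve that triage detail for whoever prepares the update.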
@@ -4055,8 +4069,7 @@
 CVE-2013-4211
RESERVED
NOT-FOR-US: OpenX
-CVE-2013-4210
-   RESERVED
+CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in 
Red Hat ...)
NOT-FOR-US: JBoss Remoting
 CVE-2013-4209 [ABRT: (substantially) limited leak of unauthorized information]
RESERVED
@@ -4276,7 +4289,7 @@
NOT-FOR-US: xlockmore
NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
 CVE-2013-4142
-   RESERVED
+   REJECTED
NOTE: Should be REJECTED, see CVE-2013-3969
 CVE-2013-4141
REJECTED
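Review bot: now that the status line reads REJECTED, the following `NOTE: Should be REJECTED, see CVE-2013-3969` is stale; rewording it to say the ID was rejected in favour of CVE-2013-3969 avoids implying the change is still pending.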
@@ -4611,8 +4624,8 @@
RESERVED
 CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 
through ...)
NOT-FOR-US: IBM DB2
-CVE-2013-4032
-   RESERVED
+CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise 
Server ...)
+   TODO: check
 CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) 
implementation in ...)
NOT-FOR-US: IBM BladeCenter
 CVE-2013-4030
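Review bot: CVE-2013-4032 (Fast Communications Manager in IBM DB2) stays at `TODO: check` while the adjacent CVE-2013-4033 is already `NOT-FOR-US: IBM DB2`; unless an FCM component ships in Debian, this can be resolved the same way.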
@@ -4737,8 +4750,7 @@
TODO: check
 CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with 
IVE OS ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2013-3969
-   RESERVED
+CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 
through ...)
- mongodb 1:2.4.5-1 (bug #715007; bug #717173)
[squeeze] - mongodb  (Only affects 2.4.x)
[wheezy] - mongodb  (Only affects 2.4.x)
@@ -4751,12 +4763,12 @@
RESERVED
 CVE-2013-3965
RESERVED
-CVE-2013-3964
-   RESERVED
-CVE-2013-3963
-   RESERVED
-CVE-2013-3962
-   RESERVED
+CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, 

[Secure-testing-commits] r23857 - data

2013-10-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2013-10-02 16:14:49 + (Wed, 02 Oct 2013)
New Revision: 23857

Modified:
   data/dsa-needed.txt
Log:
take nas


Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-02 07:55:46 UTC (rev 23856)
+++ data/dsa-needed.txt 2013-10-02 16:14:49 UTC (rev 23857)
@@ -61,7 +61,7 @@
 --
 mysql-5.5/stable (carnil)
 --
-nas
+nas (jmm)
 --
 openjpeg
  patches are not yet avaialble
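Review bot: unrelated to the claim itself, the openjpeg context line two lines below the change misspells "available" as "avaialble"; worth fixing in a follow-up commit.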



[Secure-testing-commits] r23856 - data

2013-10-02 Thread Salvatore Bonaccorso
Author: carnil
Date: 2013-10-02 07:55:46 + (Wed, 02 Oct 2013)
New Revision: 23856

Modified:
   data/dsa-needed.txt
Log:
icedtea-web DSA note

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-02 07:29:21 UTC (rev 23855)
+++ data/dsa-needed.txt 2013-10-02 07:55:46 UTC (rev 23856)
@@ -29,7 +29,9 @@
 --
 hplip
 --
-icedtea-web
+icedtea-web (carnil)
+  Packages for unstable prepared and uploaded
+  Need to rebuild packages for wheezy and test
 --
 iceape (jmm)
 --
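Review bot: the second note line, "Need to rebuild packages for wheezy and test", does not say whether the wheezy rebuild is also claimed by carnil or is open for someone else; stating that explicitly avoids duplicated effort, given that the entry is now marked with a claimant.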



[Secure-testing-commits] r23855 - in data: . CVE

2013-10-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2013-10-02 07:29:21 + (Wed, 02 Oct 2013)
New Revision: 23855

Modified:
   data/CVE/list
   data/dsa-needed.txt
Log:
new chromium issues
in addition to an already poorly maintained libv8 we now also have libv8-3.14 :-/


Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 07:09:12 UTC (rev 23854)
+++ data/CVE/list   2013-10-02 07:29:21 UTC (rev 23855)
@@ -7048,38 +7048,59 @@
RESERVED
 CVE-2013-2922
RESERVED
+   - chromium-browser 
 CVE-2013-2921
RESERVED
+   - chromium-browser 
 CVE-2013-2920
RESERVED
+   - chromium-browser 
 CVE-2013-2919
RESERVED
+   - chromium-browser 
+   - libv8 
+   - libv8-3.14 
 CVE-2013-2918
RESERVED
+   - chromium-browser 
 CVE-2013-2917
RESERVED
+   - chromium-browser 
 CVE-2013-2916
RESERVED
+   - chromium-browser 
 CVE-2013-2915
RESERVED
+   - chromium-browser 
 CVE-2013-2914
RESERVED
+   - chromium-browser 
 CVE-2013-2913
RESERVED
+   - chromium-browser 
+   TODO: Might affect libxml2
 CVE-2013-2912
RESERVED
+   - chromium-browser 
 CVE-2013-2911
RESERVED
+   - chromium-browser 
+   TODO: Might affect libxslt
 CVE-2013-2910
RESERVED
+   - chromium-browser 
 CVE-2013-2909
RESERVED
+   - chromium-browser 
 CVE-2013-2908
RESERVED
+   - chromium-browser 
 CVE-2013-2907
RESERVED
+   - chromium-browser 
 CVE-2013-2906
RESERVED
+   - chromium-browser 
 CVE-2013-2905 (The SharedMemory::Create function in 
memory/shared_memory_posix.cc in ...)
{DSA-2741-1}
- chromium-browser 29.0.1547.57-1
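Review bot: CVE-2013-2913 and CVE-2013-2911 carry TODOs that libxml2 and libxslt might be affected; if that is confirmed, those entries need package lines like the `- libv8` / `- libv8-3.14` lines added under CVE-2013-2919, and the chromium-browser entry added to dsa-needed.txt in this commit would not cover them. Every added `- chromium-browser` line also has an empty version field, so the entries' state cannot be read off this hunk.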

Modified: data/dsa-needed.txt
===
--- data/dsa-needed.txt 2013-10-02 07:09:12 UTC (rev 23854)
+++ data/dsa-needed.txt 2013-10-02 07:29:21 UTC (rev 23855)
@@ -15,6 +15,8 @@
 --
 apache2 (sf)
 --
+chromium-browser
+--
 drupal6/oldstable
 --
 eglibc



[Secure-testing-commits] r23854 - data/CVE

2013-10-02 Thread Moritz Muehlenhoff
Author: jmm
Date: 2013-10-02 07:09:12 + (Wed, 02 Oct 2013)
New Revision: 23854

Modified:
   data/CVE/list
Log:
red hat NFU (concludes external check)


Modified: data/CVE/list
===
--- data/CVE/list   2013-10-02 05:19:34 UTC (rev 23853)
+++ data/CVE/list   2013-10-02 07:09:12 UTC (rev 23854)
@@ -3804,6 +3804,7 @@
RESERVED
 CVE-2013-4284
RESERVED
+   NOT-FOR-US: Cumin
 CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote 
...)
- 389-ds-base  (bug #721222)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634

