[Secure-testing-commits] r23861 - data/CVE
Author: fgeek-guest Date: 2013-10-03 05:35:22 + (Thu, 03 Oct 2013) New Revision: 23861 Modified: data/CVE/list Log: CVE-2013-4344 needs checking Modified: data/CVE/list === --- data/CVE/list 2013-10-02 21:19:57 UTC (rev 23860) +++ data/CVE/list 2013-10-03 05:35:22 UTC (rev 23861) @@ -3629,6 +3629,8 @@ - linux CVE-2013-4344 RESERVED + - xen + TODO: check CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...) - linux [wheezy] - linux (Introduced in 3.8) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
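Review bot: The `TODO: check` added under CVE-2013-4344 does not say what has to be checked, and nothing next to the new `- xen` line records why xen is associated with this still-RESERVED id. A `NOTE:` line with the advisory or bug reference that prompted the entry would let whoever picks up the TODO resolve it without redoing the research.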
[Secure-testing-commits] r23859 - data/CVE
Author: carnil Date: 2013-10-02 21:19:54 + (Wed, 02 Oct 2013) New Revision: 23859 Modified: data/CVE/list Log: Mark CVE-2013-4326/rtkit as no-dsa for wheezy Modified: data/CVE/list === --- data/CVE/list 2013-10-02 21:14:47 UTC (rev 23858) +++ data/CVE/list 2013-10-02 21:19:54 UTC (rev 23859) @@ -3683,6 +3683,7 @@ CVE-2013-4326 [use of insecure polkit DBUS API] RESERVED - rtkit 0.10-3 (bug #723714) + [wheezy] - rtkit (user can get realtime scheduling privileges) CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging ...) - hplip 3.13.9-1 (bug #723716) CVE-2013-4324 [Insecure calling of polkit via polkit_unix_process_new()]
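Review bot: In the added `[wheezy] - rtkit` line the parenthesised text states the impact (user can get realtime scheduling privileges) rather than the reason that impact does not warrant a DSA, which is the decision the log message says this line records. Wording it as the rationale, in the style of the `(Minor issue)` annotations used on other entries in data/CVE/list, would make the triage decision readable from the entry alone.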
[Secure-testing-commits] r23860 - data
Author: carnil Date: 2013-10-02 21:19:57 + (Wed, 02 Oct 2013) New Revision: 23860 Modified: data/dsa-needed.txt Log: Remove rtkit from dsa-needed list Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-02 21:19:54 UTC (rev 23859) +++ data/dsa-needed.txt 2013-10-02 21:19:57 UTC (rev 23860) @@ -83,8 +83,6 @@ -- qt4-x11/oldstable -- -rtkit/stable --- ruby1.8/oldstable -- ruby1.9.1
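Review bot: Dropping `rtkit/stable` from data/dsa-needed.txt is only correct because of the wheezy marking made in r23859 three seconds earlier, so the two changes belong in one revision. r23855 touches data/CVE/list and data/dsa-needed.txt in a single commit; doing the same here would keep the two files consistent at every revision and make the reason for the removal visible in the same diff.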
[Secure-testing-commits] r23858 - data/CVE
Author: joeyh Date: 2013-10-02 21:14:47 + (Wed, 02 Oct 2013) New Revision: 23858 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-10-02 16:14:49 UTC (rev 23857) +++ data/CVE/list 2013-10-02 21:14:47 UTC (rev 23858) @@ -1,3 +1,21 @@ +CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout ...) + TODO: check +CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...) + TODO: check +CVE-2013-5974 + RESERVED +CVE-2013-5973 + RESERVED +CVE-2013-5972 + RESERVED +CVE-2013-5971 + RESERVED +CVE-2013-5970 + RESERVED +CVE-2013-5969 + RESERVED +CVE-2013-5968 + RESERVED CVE-2013-5967 RESERVED CVE-2013-5966 @@ -456,8 +474,7 @@ CVE-2013- [poppler / JPEG error handler] - poppler 0.16.3-1 (bug #722705) NOTE: CVE request: http://article.gmane.org/gmane.comp.security.oss.general/11132 -CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server] - RESERVED +CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...) - vino (low; bug #724545) [wheezy] - vino (Minor issue) [squeeze] - vino (Minor issue) @@ -915,8 +932,7 @@ NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13 NOTE: still not clear why the split was done, but confirmed by upstream that this issue NOTE: is covered by the fixes applied for CVE-2013-3371 -CVE-2013-5580 [denial of service (server crash)] - RESERVED +CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in ...) - ngircd (only affects 20, 20.1, and 20.2) NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html CVE-2013-5576 [Joomla unauthorised uploads] 
@@ -2781,8 +2797,8 @@ RESERVED CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...) NOT-FOR-US: PPP Access Concentrator -CVE-2013-4708 - RESERVED +CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...) + TODO: check CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware ...) NOT-FOR-US: D-Link CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware ...) @@ -3542,8 +3558,7 @@ {DSA-2765-1} - davfs2 1.4.7-3 (bug #723034) NOTE: http://savannah.nongnu.org/bugs/?40034 -CVE-2013-4361 [Information leak through fbld instruction emulation] - RESERVED +CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...) - xen CVE-2013-4360 RESERVED @@ -3566,8 +3581,7 @@ - xen [wheezy] - xen (Only affects 4.3+) [squeeze] - xen (Only affects 4.3+) -CVE-2013-4355 [Information leaks through I/O instruction emulation] - RESERVED +CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...) - xen CVE-2013-4354 [Glance image creation in other tenant accounts] RESERVED @@ -4055,8 +4069,7 @@ CVE-2013-4211 RESERVED NOT-FOR-US: OpenX -CVE-2013-4210 - RESERVED +CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...) NOT-FOR-US: JBoss Remoting CVE-2013-4209 [ABRT: (substantially) limited leak of unauthorized information] RESERVED @@ -4276,7 +4289,7 @@ NOT-FOR-US: xlockmore NOTE: http://openwall.com/lists/oss-security/2013/07/16/8 CVE-2013-4142 - RESERVED + REJECTED NOTE: Should be REJECTED, see CVE-2013-3969 CVE-2013-4141 REJECTED 
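Review bot: In the CVE-2013-4142 hunk the state changes from RESERVED to REJECTED, but the unchanged line `NOTE: Should be REJECTED, see CVE-2013-3969` still reads as a pending request. Since this is an automatic update, a follow-up edit should reword the note to record the outcome while keeping the pointer to CVE-2013-3969, or drop it.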
@@ -4611,8 +4624,8 @@ RESERVED CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...) NOT-FOR-US: IBM DB2 -CVE-2013-4032 - RESERVED +CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...) + TODO: check CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...) NOT-FOR-US: IBM BladeCenter CVE-2013-4030 @@ -4737,8 +4750,7 @@ TODO: check CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service -CVE-2013-3969 - RESERVED +CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through ...) - mongodb 1:2.4.5-1 (bug #715007; bug #717173) [squeeze] - mongodb (Only affects 2.4.x) [wheezy] - mongodb (Only affects 2.4.x) @@ -4751,12 +4763,12 @@ RESERVED CVE-2013-3965 RESERVED -CVE-2013-3964 - RESERVED -CVE-2013-3963 - RESERVED -CVE-2013-3962 - RESERVED +CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162,
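Review bot: The `TODO: check` added for CVE-2013-4032 in the `@@ -4611,8 +4624,8 @@` hunk looks resolvable from the context already in the hunk: the new description names IBM DB2 Enterprise Server, and the adjacent CVE-2013-4033 entry is marked `NOT-FOR-US: IBM DB2`. The same pattern appears earlier in this update for CVE-2013-4708, whose description names the PPP Access Concentrator next to an entry marked `NOT-FOR-US: PPP Access Concentrator`. Triage both in the next manual pass rather than leaving them in the TODO queue.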
[Secure-testing-commits] r23857 - data
Author: jmm Date: 2013-10-02 16:14:49 + (Wed, 02 Oct 2013) New Revision: 23857 Modified: data/dsa-needed.txt Log: take nas Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-02 07:55:46 UTC (rev 23856) +++ data/dsa-needed.txt 2013-10-02 16:14:49 UTC (rev 23857) @@ -61,7 +61,7 @@ -- mysql-5.5/stable (carnil) -- -nas +nas (jmm) -- openjpeg patches are not yet avaialble
[Secure-testing-commits] r23856 - data
Author: carnil Date: 2013-10-02 07:55:46 + (Wed, 02 Oct 2013) New Revision: 23856 Modified: data/dsa-needed.txt Log: icedtea-web DSA note Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-02 07:29:21 UTC (rev 23855) +++ data/dsa-needed.txt 2013-10-02 07:55:46 UTC (rev 23856) @@ -29,7 +29,9 @@ -- hplip -- -icedtea-web +icedtea-web (carnil) + Packages for unstable prepared and uploaded + Need to rebuild packages for wheezy and test -- iceape (jmm) --
[Secure-testing-commits] r23855 - in data: . CVE
Author: jmm Date: 2013-10-02 07:29:21 + (Wed, 02 Oct 2013) New Revision: 23855 Modified: data/CVE/list data/dsa-needed.txt Log: new chromium issues in addition to an already poorly maintained libv8 we now also have libv8-3.14 :-/ Modified: data/CVE/list === --- data/CVE/list 2013-10-02 07:09:12 UTC (rev 23854) +++ data/CVE/list 2013-10-02 07:29:21 UTC (rev 23855) @@ -7048,38 +7048,59 @@ RESERVED CVE-2013-2922 RESERVED + - chromium-browser CVE-2013-2921 RESERVED + - chromium-browser CVE-2013-2920 RESERVED + - chromium-browser CVE-2013-2919 RESERVED + - chromium-browser + - libv8 + - libv8-3.14 CVE-2013-2918 RESERVED + - chromium-browser CVE-2013-2917 RESERVED + - chromium-browser CVE-2013-2916 RESERVED + - chromium-browser CVE-2013-2915 RESERVED + - chromium-browser CVE-2013-2914 RESERVED + - chromium-browser CVE-2013-2913 RESERVED + - chromium-browser + TODO: Might affect libxml2 CVE-2013-2912 RESERVED + - chromium-browser CVE-2013-2911 RESERVED + - chromium-browser + TODO: Might affect libxslt CVE-2013-2910 RESERVED + - chromium-browser CVE-2013-2909 RESERVED + - chromium-browser CVE-2013-2908 RESERVED + - chromium-browser CVE-2013-2907 RESERVED + - chromium-browser CVE-2013-2906 RESERVED + - chromium-browser CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 Modified: data/dsa-needed.txt === --- data/dsa-needed.txt 2013-10-02 07:09:12 UTC (rev 23854) +++ data/dsa-needed.txt 2013-10-02 07:29:21 UTC (rev 23855) @@ -15,6 +15,8 @@ -- apache2 (sf) -- +chromium-browser +-- drupal6/oldstable -- eglibc
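Review bot: The data/CVE/list hunk treats possible impact on embedded-code copies in two different ways with no recorded basis for either. Under CVE-2013-2919, `- libv8` and `- libv8-3.14` are added as package entries, while under CVE-2013-2913 and CVE-2013-2911 the possible impact on libxml2 and libxslt is left as `TODO: Might affect ...`. All of these ids are still RESERVED, so there is no description to check the entries against; a `NOTE:` per entry naming the upstream reference that ties the issue to V8, libxml2 or libxslt would make the libv8 entries verifiable and the two TODOs actionable.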
[Secure-testing-commits] r23854 - data/CVE
Author: jmm Date: 2013-10-02 07:09:12 + (Wed, 02 Oct 2013) New Revision: 23854 Modified: data/CVE/list Log: red hat NFU (concludes external check) Modified: data/CVE/list === --- data/CVE/list 2013-10-02 05:19:34 UTC (rev 23853) +++ data/CVE/list 2013-10-02 07:09:12 UTC (rev 23854) @@ -3804,6 +3804,7 @@ RESERVED CVE-2013-4284 RESERVED + NOT-FOR-US: Cumin CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote ...) - 389-ds-base (bug #721222) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634
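Review bot: `NOT-FOR-US: Cumin` is added to CVE-2013-4284 while the entry is still RESERVED, so nothing in the list shows that this id concerns Cumin. The log message points to an external check as the source; recording that reference in a `NOTE:` line, as the neighbouring CVE-2013-4283 entry does with its Red Hat Bugzilla URL, would let the marking be verified later.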