[Secure-testing-commits] r23983 - data
Author: carnil Date: 2013-10-13 06:24:28 + (Sun, 13 Oct 2013) New Revision: 23983 Modified: data/next-oldstable-point-update.txt Log: Add various CVE's for zabbix fixed trough opu Modified: data/next-oldstable-point-update.txt === --- data/next-oldstable-point-update.txt2013-10-12 21:29:11 UTC (rev 23982) +++ data/next-oldstable-point-update.txt2013-10-13 06:24:28 UTC (rev 23983) @@ -26,3 +26,15 @@ [squeeze] - pcp 3.3.3-squeeze3 CVE-2013-4124 [squeeze] - samba 2:3.5.6~dfsg-3squeeze10 +CVE-2013-5743 + [squeeze] - zabbix 1:1.8.2-1squeeze5 +CVE-2011-3263 + [squeeze] - zabbix 1:1.8.2-1squeeze5 +CVE-2011-3265 + [squeeze] - zabbix 1:1.8.2-1squeeze5 +CVE-2011-3264 + [squeeze] - zabbix 1:1.8.2-1squeeze5 +CVE-2011-3265 + [squeeze] - zabbix 1:1.8.2-1squeeze5 +CVE-2013-1364 + [squeeze] - zabbix 1:1.8.2-1squeeze5 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23982 - data
Author: carnil Date: 2013-10-12 21:29:11 + (Sat, 12 Oct 2013) New Revision: 23982 Modified: data/next-point-update.txt Log: Add CVE-2013-4326/rtkit to next stable point release Modified: data/next-point-update.txt === --- data/next-point-update.txt 2013-10-12 15:11:17 UTC (rev 23981) +++ data/next-point-update.txt 2013-10-12 21:29:11 UTC (rev 23982) @@ -0,0 +1,2 @@ +CVE-2013-4326 + [wheezy] - rtkit 0.10-2+wheezy1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23981 - data
Author: thijs Date: 2013-10-12 15:11:17 + (Sat, 12 Oct 2013) New Revision: 23981 Modified: data/next-point-update.txt Log: no stable upload for nova yet (see #719632) Modified: data/next-point-update.txt === --- data/next-point-update.txt 2013-10-12 15:07:35 UTC (rev 23980) +++ data/next-point-update.txt 2013-10-12 15:11:17 UTC (rev 23981) @@ -1,2 +0,0 @@ -CVE-2013-2096 - [wheezy] - nova 2012.1.1-18+deb7u1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23980 - in data: . CVE
Author: thijs Date: 2013-10-12 15:07:35 + (Sat, 12 Oct 2013) New Revision: 23980 Modified: data/CVE/list data/next-point-update.txt Log: stable point release 7.2 Modified: data/CVE/list === --- data/CVE/list 2013-10-12 14:07:36 UTC (rev 23979) +++ data/CVE/list 2013-10-12 15:07:35 UTC (rev 23980) @@ -2559,7 +2559,7 @@ RESERVED - nmap 6.40-0.1 (low; bug #719289) [squeeze] - nmap (Vulnerable code not present) - [wheezy] - nmap (Minor issue) + [wheezy] - nmap 6.00-0.3+deb7u1 CVE-2013-4884 RESERVED CVE-2013-5217 @@ -3873,7 +3873,7 @@ - linux-2.6 (Introduced in 3.8) CVE-2013-4342 (xinetd does not enforce the user and group configuration directives ...) - xinetd 1:2.3.15-2 (bug #324678) - [wheezy] - xinetd (Minor issue) + [wheezy] - xinetd 1:2.3.14-7.1+deb7u1 [squeeze] - xinetd (Minor issue) CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...) - moodle 2.5.2-1 @@ -4585,7 +4585,7 @@ - linux-2.6 (Introduced in 3.7) CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...) - samba 2:3.6.17-1 (low) - [wheezy] - samba (Minor issue) + [wheezy] - samba 2:3.6.6-6+deb7u1 [squeeze] - samba (Minor issue) - samba4 (low) [wheezy] - samba4 (Minor issue) @@ -7361,6 +7361,7 @@ [squeeze] - chromium-browser CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) ...) - linux 3.10.11-1 (low) + [wheezy] - linux 3.2.51-1 - linux-2.6 (driver introduced in 2.6.35) CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) ...) - linux 3.10.11-1 (low) @@ -7371,6 +7372,7 @@ - linux-2.6 (driver introduced in 2.6.38) CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...) - linux 3.10.11-1 (low) + [wheezy] - linux 3.2.51-1 - linux-2.6 (Vulnerable feature probing code not present) CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) ...) - linux (low) @@ -7385,6 +7387,7 @@ CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...) {DSA-2766-1} - linux 3.10.11-1 (low) + [wheezy] - linux 3.2.51-1 - linux-2.6 (low) CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) ...) - linux (low) @@ -7400,6 +7403,7 @@ {DSA-2766-1} - linux 3.10.11-1 - linux-2.6 + [wheezy] - linux 3.2.51-1 CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 @@ -9422,6 +9426,7 @@ CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift ...) {DSA-2737-1} - swift 1.8.0-6 (low; bug #712202) + [wheezy] - swift 1.4.8-2+deb7u1 CVE-2013-2160 (Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before ...) NOT-FOR-US: Apache CXF CVE-2013-2159 [monkey broken authentication] @@ -9470,7 +9475,7 @@ [wheezy] - linux 3.2.46-1 CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...) - libmodule-signature-perl 0.73-1 (bug #711239) - [wheezy] - libmodule-signature-perl (Minor issue) + [wheezy] - libmodule-signature-perl 0.68-1+deb7u1 [squeeze] - libmodule-signature-perl (Minor issue) CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...) NOT-FOR-US: RHEV Manager @@ -9865,7 +9870,7 @@ RESERVED - python-httplib2 0.8-2 (low; bug #706602) [squeeze] - python-httplib2 (Minor issue) - [wheezy] - python-httplib2 (Minor issue) + [wheezy] - python-httplib2 0.7.4-2+deb7u1 NOTE: http://openwall.com/lists/oss-security/2013/05/01/5 CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module ...) NOT-FOR-US: Drupal module Filebrowser @@ -9965,7 +9970,7 @@ NOTE: fixed in 2013.1-1 for experimental CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...) - python-keystoneclient 1:0.2.5-1 (bug #709535) - [wheezy] - python-keystoneclient (Minor issue) + [wheezy] - python-keystoneclient 2012.1-3+deb7u1 NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315 NOTE: https://review.openstack.org/28702 CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install] @@ -11929,7 +11934,7 @@ [wheezy] - perl (Bug was introduced later) [squeeze] - perl (Does not yet contain Module::Metadata) - libmodule-metadata-perl 1.15-1 - [wheezy] - libmodule-metadata-perl (Documentation i
[Secure-testing-commits] r23979 - data/CVE
Author: fgeek-guest Date: 2013-10-12 14:07:36 + (Sat, 12 Oct 2013) New Revision: 23979 Modified: data/CVE/list Log: dropbear issue reported Modified: data/CVE/list === --- data/CVE/list 2013-10-12 09:14:25 UTC (rev 23978) +++ data/CVE/list 2013-10-12 14:07:36 UTC (rev 23979) @@ -1,3 +1,5 @@ +CVE-2013- [dropbear: avoid disclosing existence of valid users through inconsistent delays] + - dropbear (bug #726118) CVE-2013-6063 RESERVED CVE-2013-6062 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23978 - data/CVE
Author: joeyh Date: 2013-10-12 09:14:25 + (Sat, 12 Oct 2013) New Revision: 23978 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2013-10-12 07:44:51 UTC (rev 23977) +++ data/CVE/list 2013-10-12 09:14:25 UTC (rev 23978) @@ -3777,6 +3777,7 @@ RESERVED CVE-2013-4365 RESERVED + {DSA-2778-1} - libapache2-mod-fcgid 1:2.3.9-1 (bug #725942) CVE-2013-4364 RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23977 - data/CVE
Author: carnil Date: 2013-10-12 07:44:51 + (Sat, 12 Oct 2013) New Revision: 23977 Modified: data/CVE/list Log: Add bugnumber for CVE-2013-4251/python-scipy Modified: data/CVE/list === --- data/CVE/list 2013-10-12 07:23:10 UTC (rev 23976) +++ data/CVE/list 2013-10-12 07:44:51 UTC (rev 23977) @@ -4153,7 +4153,7 @@ RESERVED CVE-2013-4251 [weave /tmp and current directory issues] RESERVED - - python-scipy + - python-scipy (bug #726093) NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973 CVE-2013-4250 [Vulnerable subcomponent: Backend File Upload / File Abstraction Layer] RESERVED ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r23976 - data/CVE
Author: carnil Date: 2013-10-12 07:23:10 + (Sat, 12 Oct 2013) New Revision: 23976 Modified: data/CVE/list Log: Add CVE-2013-4251, python-scipy; concludes external check Modified: data/CVE/list === --- data/CVE/list 2013-10-11 21:55:12 UTC (rev 23975) +++ data/CVE/list 2013-10-12 07:23:10 UTC (rev 23976) @@ -4151,8 +4151,10 @@ RESERVED CVE-2013-4252 RESERVED -CVE-2013-4251 +CVE-2013-4251 [weave /tmp and current directory issues] RESERVED + - python-scipy + NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973 CVE-2013-4250 [Vulnerable subcomponent: Backend File Upload / File Abstraction Layer] RESERVED - typo3 (All versions from 6.0.0 up to the development branch of 6.2) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits