Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4fd90ca7 by Salvatore Bonaccorso at 2018-02-19T20:40:43+01:00 Adjust status for CVE-2013-7383 for x2goserver The issue was fixed upstream before, and in Debian with the initial commit, thus mark it as not-affected with a note that it was fixed with the first upload to Debian. Thus affected code was never in Debian. Reference the fixing commits as per http://www.openwall.com/lists/oss-security/2014/05/19/9 - - - - - 80bb4608 by Salvatore Bonaccorso at 2018-02-19T20:44:01+01:00 Update status for CVE-2013-4376 Mark this one as well as not-affected since fixed in Debian included with the initial upload (to unstable) and fixed upstream before. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -142595,9 +142595,11 @@ CVE-2014-3221 (Huawei Eudemon8000E firewall with software V200R001C01SPC800 and CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...) NOT-FOR-US: F5 BIG-IQ CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before ...) - - x2goserver 4.1.0.0-1 - NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=80ff6997550749a64dd5db5684acbd47a4127ab3 - NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=c2036a1152a7e57286ffeb8e8859177f8de64a33 + - x2goserver <not-affected> (Fixed with first upload to Debian) + NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7 (4.0.1.10) + NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256 (4.0.0.8) + NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8 (4.0.0.8) + NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104 (4.0.0.8) CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...) NOT-FOR-US: PHP-Fusion CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...) @@ -158911,7 +158913,7 @@ CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in - qemu-kvm <not-affected> (Introduced in 1.4) NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440 CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...) - - x2goserver 4.1.0.0-1 + - x2goserver <not-affected> (Fixed with first upload to Debian) NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before ...) - xen 4.2 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9763c9c0c64129fd94fdb25b84e95e195b47a0ef...80bb4608b58a6b87b30bc31de03e10ae02b459ec --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9763c9c0c64129fd94fdb25b84e95e195b47a0ef...80bb4608b58a6b87b30bc31de03e10ae02b459ec You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits