[Secure-testing-commits] r22651 - data/CVE

Mon, 17 Jun 2013 09:54:38 -0700 

Author: jmm
Date: 2013-06-17 16:53:39 +0000 (Mon, 17 Jun 2013)
New Revision: 22651

Modified:
   data/CVE/list
Log:
kernel updates
no-dsa for squeeze: telepathy-gabble, cacti, rpm
rrdtool non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-06-17 16:52:51 UTC (rev 22650)
+++ data/CVE/list       2013-06-17 16:53:39 UTC (rev 22651)
@@ -3728,7 +3728,7 @@
        - linux-2.6 <removed> (low)
 CVE-2013-2850 (Heap-based buffer overflow in the 
iscsi_add_notunderstood_response ...)
        - linux 3.9.4-1
-       - linux-2.6 <removed>
+       - linux-2.6 <not-affected> (Introduced in 3.1)
        [wheezy] - linux 3.2.46-1
        [jessie] - linux 3.2.46-1
 CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google 
Chrome ...)
@@ -4292,7 +4292,9 @@
 CVE-2013-2597
        RESERVED
 CVE-2013-2596 (Integer overflow in the fb_mmap function in 
drivers/video/fbmem.c in ...)
-       TODO: check implications for our linux kernels
+       - linux 3.9-1
+       [wheezy] - linux 3.2.46-1
+       [jessie] - linux 3.2.46-1
        NOTE: the issue comes from fbmem code from linux mainline, the exploit 
was just targetting motorola
        NOTE: phones that ship code that is based on the original linux code, 
but both are affected.
        NOTE: an exploit needs access to /dev/fb0 which is not world 
readable/writable on Debian
@@ -5407,7 +5409,7 @@
 CVE-2013-2162 [mysql insecure conffile creation]
        RESERVED
        - mysql-5.5 <unfixed> (low; bug #711600)
-       - mysql-5.1 <removed>
+       - mysql-5.1 <removed> (low)
 CVE-2013-2161 [Unchecked user input in Swift XML responses]
        RESERVED
        - swift <unfixed> (bug #712202)
@@ -5506,7 +5508,8 @@
        NOTE: 
https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
 CVE-2013-2131 [format string vulnerability]
        RESERVED
-       - rrdtool <unfixed> (bug #708866)
+       - rrdtool <unfixed> (unimportant; bug #708866)
+       NOTE: Non-issue, calling application need to perform sanitising
 CVE-2013-2130 [null pointer dereference in webadmin]
        RESERVED
        - znc <unfixed>
@@ -6827,7 +6830,8 @@
        NOTE: Upstream non-verified fix 
https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
 CVE-2013-1769 [Crashes when trying to hash caps containing pathological data 
forms]
        RESERVED
-       - telepathy-gabble 0.16.5-1 (bug #702252)
+       - telepathy-gabble 0.16.5-1 (low; bug #702252)
+       [squeeze] - telepathy-gabble <no-dsa> (Minor issue)
 CVE-2013-1768
        RESERVED
 CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function 
in ...)
@@ -13519,7 +13523,8 @@
 CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for 
WordPress ...)
        NOT-FOR-US: WordPress plugin Sentinel
 CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php 
in Cacti ...)
-       - cacti 0.8.7i-1
+       - cacti 0.8.7i-1 (low)
+       [squeeze] - cacti <no-dsa> (Minor issue)
 CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 
4.8 and ...)
        NOT-FOR-US: PHP Flirt-Projekt
 CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function 
in ...)
@@ -14889,7 +14894,6 @@
        - libv8 <not-affected> (bug #702261; kMinFixedIndex and kMaxFixedIndex 
are hard-coded to the correct values in 3.8.9.20, a later commit introduced a 
caclulation that produced incorrect values)
        - chromium-browser 24.0.1312.68-1
        [squeeze] - chromium-browser <end-of-life>
-       TODO: re-check uploads newer than 3.8.9.20
 CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to 
cause a ...)
        [squeeze] - chromium-browser <end-of-life>
        - chromium-browser 24.0.1312.68-1
@@ -21285,7 +21289,6 @@
        - libav 6:0.8.4-1 (bug #688847)
        - ffmpeg <removed>
        NOTE: duplicate of CVE-2012-2777
-       TODO: mark this properly as duplicate
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 
0.11, ...)
        {DSA-2624-1}
        - ffmpeg <removed> (bug #688849)
@@ -26244,6 +26247,7 @@
        RESERVED
 CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 
4.9.1.3 ...)
        - rpm 4.9.1.3-1 (bug #667031)
+       [squeeze] - rpm <no-dsa> (Minor issue)
 CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in 
OpenSSH ...)
        - openssh 1:5.6p1-1 (low; bug #657445)
        [squeeze] - openssh 1:5.5p1-6+squeeze2
@@ -29161,8 +29165,10 @@
        NOT-FOR-US: JBoss Operations Network
 CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 
does not ...)
        - rpm 4.9.1.3-1 (bug #667031)
+       [squeeze] - rpm <no-dsa> (Minor issue)
 CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, 
which ...)
        - rpm 4.9.1.3-1 (bug #667031)
+       [squeeze] - rpm <no-dsa> (Minor issue)
 CVE-2012-0059
        RESERVED
        NOT-FOR-US: RHN Satellite


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to