Author: joeyh
Date: 2014-07-23 21:14:13 +0000 (Wed, 23 Jul 2014)
New Revision: 27926
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-07-23 20:45:34 UTC (rev 27925) +++ data/CVE/list 2014-07-23 21:14:13 UTC (rev 27926) @@ -1,3 +1,55 @@ +CVE-2014-5043 + RESERVED +CVE-2014-5042 + RESERVED +CVE-2014-5041 + RESERVED +CVE-2014-5040 + RESERVED +CVE-2014-5039 + RESERVED +CVE-2014-5038 + RESERVED +CVE-2014-5037 + RESERVED +CVE-2014-5036 + RESERVED +CVE-2014-5035 + RESERVED +CVE-2014-5034 + RESERVED +CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...) + TODO: check +CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...) + TODO: check +CVE-2014-5017 (SQL injection vulnerability in CPDB in ...) + TODO: check +CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey ...) + TODO: check +CVE-2014-5014 + RESERVED +CVE-2014-5013 + RESERVED +CVE-2014-5012 + RESERVED +CVE-2014-5011 + RESERVED +CVE-2014-5010 + RESERVED +CVE-2014-5007 + RESERVED +CVE-2014-5006 + RESERVED +CVE-2014-5005 + RESERVED +CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via ...) + TODO: check +CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using ...) + TODO: check +CVE-2013-7390 + RESERVED +CVE-2011-5281 + RESERVED CVE-2014-XXXX [vfs: refcount issues during unmount on symlink] - linux <unfixed> - linux-2.6 <removed> 
@@ -3,67 +55,92 @@ NOTE: https://lkml.org/lkml/2014/7/21/98 CVE-2014-5033 [kauth authentication bypass] + RESERVED - kde4libs <unfixed> (bug #755814) NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716 NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23 CVE-2014-5032 [glpi: unprivileged users can access cost information] + RESERVED - glpi <unfixed> (unimportant) NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/07/22/6 NOTE: Only supported behind an authenticated HTTP zone CVE-2014-5031 [file/directory does not have world read permissions for dirctory index files] + RESERVED - cups 1.7.4-2 NOTE: https://cups.org/str.php?L4455 CVE-2014-5030 [dissalow symlinks for directory index files] + RESERVED - cups 1.7.4-2 NOTE: https://cups.org/str.php?L4455 CVE-2014-5029 [Incomplete fix CVE-2014-3537] + RESERVED - cups 1.7.4-2 NOTE: https://cups.org/str.php?L4455 CVE-2014-5028 + RESERVED - reviewboard <itp> (bug #653113) CVE-2014-5027 + RESERVED - reviewboard <itp> (bug #653113) CVE-2014-5026 [XSS vulnerability] + RESERVED - cacti <unfixed> NOTE: http://bugs.cacti.net/view.php?id=2456 CVE-2014-5025 [XSS vulnerability] + RESERVED - cacti <unfixed> NOTE: http://bugs.cacti.net/view.php?id=2456 CVE-2014-5024 + RESERVED NOT-FOR-US: DELL SonicWALL GMS CVE-2014-5015 [basic http authentication bypass] + RESERVED - bozohttpd <unfixed> (bug #755197) [wheezy] - bozohttpd <no-dsa> (Minor issue) [squeeze] - bozohttpd <no-dsa> (Minor issue) CVE-2014-5009 [Incorrect fix for CVE-2014-5008] + RESERVED - libphp-snoopy <not-affected> (Incorrect fix not applied) NOTE: This issue exists because of an incorrect fix for CVE-2014-5008. 
NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706 CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required] + RESERVED - libphp-snoopy <unfixed> NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/ NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required). CVE-2014-5004 [Ruby Gem brbackup-0.1.1: exposes the database password to the command line] + RESERVED NOT-FOR-US: Ruby Gem brbackup CVE-2014-5003 [Ruby Gem ciborg-3.0.0: race condition when creating /tmp/perlbrew-installer] + RESERVED NOT-FOR-US: Ruby Gem ciborg CVE-2014-5002 [Ruby Gem lynx-0.2.0: expose the password to the process table] + RESERVED NOT-FOR-US: Ruby Gem lynx CVE-2014-5001 [Ruby Gem kcapifony-2.1.6: expose the password to the process table] + RESERVED NOT-FOR-US: Ruby Gem kcapifony CVE-2014-5000 [Ruby Gem lawn-login-0.0.7: exposes the mysql password to the process table] + RESERVED NOT-FOR-US: Ruby Gem lawn-login CVE-2014-4999 [Ruby Gem kajam-1.0.3.rc2: exposes the mysql password to the process table] + RESERVED NOT-FOR-US: Ruby Gem kajam CVE-2014-4998 [Ruby Gem lean-ruport-0.3.8: exposes the mysql password to the process table] + RESERVED NOT-FOR-US: Ruby Gem lean-ruport CVE-2014-4997 [Ruby Gem point-cli-0.0.1: exposes the username and password combination to the process table] + RESERVED NOT-FOR-US: Ruby Gem point-cli CVE-2014-4996 [Ruby Gem VladTheEnterprising-0.2: clobber files via symlink attack] + RESERVED NOT-FOR-US: Ruby Gem VladTheEnterprising CVE-2014-4995 [Ruby Gem VladTheEnterprising-0.2: Information Leakage] + RESERVED NOT-FOR-US: Ruby Gem VladTheEnterprising CVE-2014-4994 [Ruby Gem gyazo-1.0.0: Insecure Temporary File] + RESERVED NOT-FOR-US: Ruby Gem gyazo CVE-2014-4993 [Ruby Gems backup-agoddard and backup_checksum: expose the password to the process table] + RESERVED NOT-FOR-US: Ruby Gems backup-agoddard 
and backup_checksum CVE-2014-4992 [Ruby Gem cap-strap-0.1.5: expose the password to the process table] @@ -79,13 +156,11 @@ RESERVED CVE-2014-4988 RESERVED -CVE-2014-4987 [PMASA-2014-7 Access for an unprivileged user to MySQL user list.] - RESERVED +CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x ...) - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2014-4986 [PMASA-2014-6 Multiple XSS in AJAX confirmation messages.] - RESERVED +CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...) - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <no-dsa> (Minor issue) [squeeze] - phpmyadmin <no-dsa> (Minor issue) 
@@ -107,19 +182,23 @@ TODO: check CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...) TODO: check -CVE-2014-5022 [Cross-site scripting - Ajax system] +CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...) + {DSA-2983-1} - drupal6 <not-affected> (Only affects Drupal 7 core) - drupal7 7.29-1 (bug #755038) NOTE: https://www.drupal.org/SA-CORE-2014-003 -CVE-2014-5021 [Cross-site scripting - Form API option groups] +CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...) + {DSA-2983-1} - drupal6 <removed> - drupal7 7.29-1 (bug #755038) NOTE: https://www.drupal.org/SA-CORE-2014-003 -CVE-2014-5020 [Access bypass] +CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check ...) + {DSA-2983-1} - drupal6 <not-affected> (Only affects Drupal 7 core) - drupal7 7.29-1 (bug #755038) NOTE: https://www.drupal.org/SA-CORE-2014-003 -CVE-2014-5019 [Denial of service with malicious HTTP Host header] +CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 ...) + {DSA-2983-1} - drupal6 <removed> - drupal7 7.29-1 (bug #755038) NOTE: https://www.drupal.org/SA-CORE-2014-003 @@ -163,8 +242,8 @@ TODO: check CVE-2014-4961 RESERVED -CVE-2014-4960 - RESERVED +CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in ...) + TODO: check CVE-2014-4959 RESERVED CVE-2014-4958 
@@ -173,13 +252,12 @@ RESERVED CVE-2014-4956 RESERVED -CVE-2014-4955 [PMASA-2014-5 Self-XSS due to unescaped HTML output in database triggers page.] - RESERVED +CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList ...) - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2014-4954 - RESERVED +CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check CVE-2014-4953 RESERVED CVE-2014-4952 @@ -190,18 +268,17 @@ RESERVED CVE-2014-4949 RESERVED -CVE-2014-4948 - RESERVED -CVE-2014-4947 - RESERVED +CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and ...) + TODO: check +CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix ...) + TODO: check CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...) TODO: check CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...) TODO: check CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...) NOT-FOR-US: WordPress plugin -CVE-2014-4943 [privilege escalation in ppp over l2tp sockets] - RESERVED +CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel ...) - linux 3.14.13-1 - linux-2.6 <removed> NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf @@ -607,8 +684,7 @@ RESERVED CVE-2014-4735 RESERVED -CVE-2014-4734 - RESERVED +CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...) NOT-FOR-US: e107 CVE-2014-4733 RESERVED 
@@ -663,8 +739,7 @@ - zendframework <undetermined> NOTE: http://framework.zend.com/security/advisory/ZF2014-03 TODO: check -CVE-2014-4911 [polarssl: Denial of Service against GCM enabled servers and clients] - RESERVED +CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before ...) {DSA-2981-1} - polarssl 1.3.7-2.1 (bug #754655) NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02 @@ -792,7 +867,7 @@ RESERVED CVE-2014-4673 RESERVED -CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 allows ...) +CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows remote ...) - yii-framework-php <itp> (bug #683810) CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...) NOT-FOR-US: Adobe Flash @@ -1170,8 +1245,8 @@ NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat CVE-2014-4512 RESERVED -CVE-2014-4511 - RESERVED +CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute arbitrary ...) + TODO: check CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out ...) NOT-FOR-US: Novell Identity Manager CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before ...) @@ -1552,12 +1627,10 @@ RESERVED - krb5 <unfixed> (bug #755520) NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f -CVE-2014-4342 [Handle invalid RFC 1964 tokens] - RESERVED +CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...) - krb5 1.12.1+dfsg-4 (bug #753625) NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d -CVE-2014-4341 [Handle invalid RFC 1964 tokens] - RESERVED +CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...) - krb5 1.12.1+dfsg-4 (bug #753624) NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d CVE-2014-4340 
@@ -1572,8 +1645,8 @@ NOT-FOR-US: Dolphin (php thing) CVE-2014-4332 RESERVED -CVE-2014-4331 - RESERVED +CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in ...) + TODO: check CVE-2014-4330 RESERVED CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...) @@ -1582,8 +1655,8 @@ RESERVED CVE-2014-4327 RESERVED -CVE-2014-4326 - RESERVED +CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...) + TODO: check CVE-2014-4325 RESERVED CVE-2014-4324 @@ -1699,13 +1772,13 @@ CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in ...) TODO: check CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5 - openjdk-7 7u65-2.5.1-1 
@@ -1714,15 +1787,16 @@ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) + {DSA-2987-1} - openjdk-6 <not-affected> (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) @@ -1753,7 +1827,7 @@ CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in ...) @@ -1772,7 +1846,7 @@ CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle ...) TODO: check CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in Oracle ...) 
@@ -1832,12 +1906,14 @@ CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...) TODO: check CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote ...) + {DSA-2987-1} - openjdk-6 <not-affected> (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in ...) TODO: check CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) + {DSA-2987-1} - openjdk-6 <not-affected> (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a @@ -1845,17 +1921,17 @@ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...) 
@@ -1874,7 +1950,7 @@ CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) TODO: check CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) @@ -2591,12 +2667,12 @@ RESERVED CVE-2014-3895 RESERVED -CVE-2014-3894 - RESERVED +CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...) + TODO: check CVE-2014-3893 RESERVED -CVE-2014-3892 - RESERVED +CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...) + TODO: check CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows ...) TODO: check CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...) @@ -2607,12 +2683,12 @@ TODO: check CVE-2014-3887 RESERVED -CVE-2014-3886 - RESERVED -CVE-2014-3885 - RESERVED -CVE-2014-3884 - RESERVED +CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...) + TODO: check +CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...) + TODO: check +CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 ...) + TODO: check CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Usermin CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...) 
@@ -3402,14 +3478,12 @@ RESERVED - linux <unfixed> - linux-2.6 <not-affected> (Vulnerable code was introduced later) -CVE-2014-3533 [DoS] - RESERVED +CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to ...) {DSA-2971-1} - dbus 1.8.6-1 [squeeze] - dbus <not-affected> (Vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469 -CVE-2014-3532 [DoS] - RESERVED +CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux ...) {DSA-2971-1} - dbus 1.8.6-1 [squeeze] - dbus <not-affected> (Fix for other kernel version) @@ -3417,8 +3491,7 @@ CVE-2014-3531 RESERVED - foreman <itp> (bug #663101) -CVE-2014-3530 - RESERVED +CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...) NOT-FOR-US: PicketLink CVE-2014-3529 RESERVED @@ -3433,8 +3506,7 @@ - trafficserver 5.0.1-1 CVE-2014-3524 RESERVED -CVE-2014-3523 [WinNT MPM denial of service] - RESERVED +CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...) - apache2 <not-affected> (Affects only Windows systems) CVE-2014-3522 RESERVED @@ -3448,8 +3520,7 @@ RESERVED - linux-2.6 <not-affected> (Vulnerable code not yet present) - linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour) -CVE-2014-3518 - RESERVED +CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss ...) NOT-FOR-US: JBoss Application Server CVE-2014-3517 [Use of non-constant time comparison operation] RESERVED 
@@ -4017,18 +4088,18 @@ RESERVED CVE-2014-3326 RESERVED -CVE-2014-3325 - RESERVED +CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...) + TODO: check CVE-2014-3324 RESERVED -CVE-2014-3323 - RESERVED +CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...) + TODO: check CVE-2014-3322 RESERVED -CVE-2014-3321 - RESERVED -CVE-2014-3320 - RESERVED +CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...) + TODO: check +CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...) + TODO: check CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the ...) @@ -4055,8 +4126,8 @@ NOT-FOR-US: Cisco IOS XR CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...) NOT-FOR-US: Cisco Small Cell -CVE-2014-3306 - RESERVED +CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...) + TODO: check CVE-2014-3305 RESERVED CVE-2014-3304 
@@ -4429,20 +4500,18 @@ RESERVED CVE-2014-3163 RESERVED -CVE-2014-3162 [address sanitizer fixes] - RESERVED +CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <no-dsa> (minor issue) [squeeze] - chromium-browser <end-of-life> -CVE-2014-3161 - RESERVED -CVE-2014-3160 [same origin bypass] - RESERVED +CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...) + TODO: check +CVE-2014-3160 (The ResourceFetcher::canRequest function in ...) - chromium-browser <unfixed> [wheezy] - chromium-browser <no-dsa> (minor issue) [squeeze] - chromium-browser <end-of-life> -CVE-2014-3159 - RESERVED +CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...) + TODO: check CVE-2014-3158 RESERVED CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer ...) @@ -4670,8 +4739,8 @@ NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2014-3065 RESERVED -CVE-2014-3064 - RESERVED +CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - ...) + TODO: check CVE-2014-3063 RESERVED CVE-2014-3062 @@ -4708,12 +4777,12 @@ RESERVED CVE-2014-3046 RESERVED -CVE-2014-3045 - RESERVED +CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before ...) + TODO: check CVE-2014-3044 RESERVED -CVE-2014-3043 - RESERVED +CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows ...) + TODO: check CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...) NOT-FOR-US: IBM CICS Transaction Serve CVE-2014-3041 @@ -5856,8 +5925,7 @@ NOT-FOR-US: HP Network Virtualization CVE-2014-2624 RESERVED -CVE-2014-2623 - RESERVED +CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x allows ...) NOT-FOR-US: HP Data Protector CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center 
@@ -6043,8 +6111,7 @@ RESERVED CVE-2014-2520 RESERVED -CVE-2014-2519 - RESERVED +CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 ...) NOT-FOR-US: EMC RecoverPoint Appliance CVE-2014-2518 RESERVED @@ -6224,7 +6291,7 @@ CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in ...) TODO: check CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) - {DSA-2980-1} + {DSA-2987-1 DSA-2980-1} - openjdk-6 6b32-1.13.4-1 NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af - openjdk-7 7u65-2.5.1-1 @@ -6249,6 +6316,7 @@ - mariadb-5.5 <not-affected> (Only affects 5.6) - percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6) CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...) + {DSA-2987-1} - openjdk-6 <not-affected> (vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003 @@ -6508,8 +6576,7 @@ NOT-FOR-US: BlackBerry Z 10 CVE-2014-2388 RESERVED -CVE-2014-2385 - RESERVED +CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in ...) NOT-FOR-US: Sophos Antivirus CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...) NOT-FOR-US: VMware on Windows 
@@ -6544,16 +6611,16 @@ RESERVED CVE-2014-2369 RESERVED -CVE-2014-2368 - RESERVED -CVE-2014-2367 - RESERVED -CVE-2014-2366 - RESERVED -CVE-2014-2365 - RESERVED -CVE-2014-2364 - RESERVED +CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...) + TODO: check +CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...) + TODO: check +CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote ...) + TODO: check +CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows ...) + TODO: check +CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...) + TODO: check CVE-2014-2363 RESERVED CVE-2014-2362 
@@ -7465,22 +7532,22 @@ NOT-FOR-US: Android application for East Japan Railway Company CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...) NOT-FOR-US: NTT application for Android -CVE-2014-1999 - RESERVED +CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 ...) + TODO: check CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...) NOT-FOR-US: SOY CMS CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier ...) NOT-FOR-US: ATEN IP KVM Switch -CVE-2014-1996 - RESERVED -CVE-2014-1995 - RESERVED -CVE-2014-1994 - RESERVED -CVE-2014-1993 - RESERVED -CVE-2014-1992 - RESERVED +CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to ...) + TODO: check +CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search ...) + TODO: check +CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in ...) + TODO: check +CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 ...) + TODO: check +CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...) + TODO: check CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...) NOT-FOR-US: NTT DATA INTRAMART CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...) @@ -7489,8 +7556,8 @@ NOT-FOR-US: Cybozu Garoon CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...) NOT-FOR-US: Cybozu Garoon -CVE-2014-1987 - RESERVED +CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...) + TODO: check CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...) NOT-FOR-US: KOKUYO CamiApp application CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu ...) 
@@ -7515,8 +7582,8 @@ NOT-FOR-US: Unzipper Android app CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer ...) NOT-FOR-US: LYSESOFT -CVE-2014-1973 - RESERVED +CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer ...) + TODO: check CVE-2014-1972 RESERVED CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...) @@ -8776,14 +8843,12 @@ RESERVED CVE-2014-1562 RESERVED -CVE-2014-1561 [Toolbar dialog customization event spoofing] - RESERVED +CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of ...) - iceweasel 31.0-1 [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) [squeeze] - iceweasel <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html -CVE-2014-1560 [Certificate parsing broken by non-standard character] - RESERVED +CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...) - iceweasel 31.0-1 - icedove <unfixed> [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) @@ -8791,8 +8856,7 @@ [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html -CVE-2014-1559 [Certificate parsing broken by non-standard character] - RESERVED +CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...) - iceweasel 31.0-1 - icedove <unfixed> [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) @@ -8800,8 +8864,7 @@ [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html -CVE-2014-1558 [Certificate parsing broken by non-standard character] - RESERVED +CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...) - iceweasel 31.0-1 - icedove <unfixed> [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) 
@@ -8809,22 +8872,22 @@ [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html -CVE-2014-1557 [Crash in Skia library when scaling high quality images] - RESERVED +CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla Firefox ...) + {DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> [squeeze] - icedove <end-of-life> NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html -CVE-2014-1556 [Exploitable WebGL crash with Cesium JavaScript] - RESERVED +CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and ...) + {DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> [squeeze] - icedove <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html -CVE-2014-1555 [Use-after-free with FireOnStateChange event] - RESERVED +CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress function ...) + {DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -8834,8 +8897,7 @@ RESERVED CVE-2014-1553 RESERVED -CVE-2014-1552 [IFRAME sandbox same-origin access through redirect] - RESERVED +CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not ...) - iceweasel 31.0-1 - icedove <unfixed> [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) 
@@ -8843,13 +8905,11 @@ [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html -CVE-2014-1551 [Use-after-free in DirectWrite font handling] - RESERVED +CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in Mozilla ...) - iceweasel <not-affected> (Affects only Windows platform) - icedove <not-affected> (Affects only Windows platform) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html -CVE-2014-1550 [Use-after-free in Web Audio due to incorrect control message ordering] - RESERVED +CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in Mozilla ...) - iceweasel 31.0-1 [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) [squeeze] - iceweasel <end-of-life> @@ -8857,8 +8917,7 @@ [squeeze] - icedove <end-of-life> [wheezy] - icedove <not-affected> (Only affects releases after ESR24) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html -CVE-2014-1549 [Buffer overflow during Web Audio buffering for playback] - RESERVED +CVE-2014-1549 (The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer ...) - iceweasel 31.0-1 [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) [squeeze] - iceweasel <end-of-life> 
@@ -8866,13 +8925,12 @@ [squeeze] - icedove <end-of-life> [wheezy] - icedove <not-affected> (Only affects releases after ESR24) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html -CVE-2014-1548 - RESERVED +CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 31.0-1 [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24) [squeeze] - iceweasel <end-of-life> -CVE-2014-1547 [Miscellaneous memory safety hazards] - RESERVED +CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) + {DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel <end-of-life> - icedove <unfixed> @@ -8888,8 +8946,8 @@ [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> NOTE: Only the Wheezy builds use the bundled nspr -CVE-2014-1544 [Race-condition in certificate verification can lead to Remote code execution] - RESERVED +CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function ...) + {DSA-2986-1} - nss 2:3.16.3-1 - iceweasel <unfixed> [squeeze] - iceweasel <end-of-life> @@ -10030,14 +10088,14 @@ - movabletype-opensource 5.2.9+dfsg-1 (bug #734304) CVE-2014-0971 RESERVED -CVE-2014-0970 - RESERVED +CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - ...) + TODO: check CVE-2014-0969 RESERVED -CVE-2014-0968 - RESERVED -CVE-2014-0967 - RESERVED +CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...) + TODO: check +CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...) + TODO: check CVE-2014-0966 RESERVED CVE-2014-0965 
@@ -10056,8 +10114,8 @@ NOT-FOR-US: IBM WebSphere Portal CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through ...) NOT-FOR-US: IBM WebSphere Portal -CVE-2014-0957 - RESERVED +CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...) + TODO: check CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 ...) @@ -12719,8 +12777,7 @@ NOT-FOR-US: OpenShift CVE-2014-0232 RESERVED -CVE-2014-0231 [mod_cgid denial of service] - RESERVED +CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...) - apache2 2.4.10-1 CVE-2014-0230 RESERVED @@ -12731,8 +12788,7 @@ NOT-FOR-US: Apache Hive CVE-2014-0227 RESERVED -CVE-2014-0226 [mod_status buffer overflow] - RESERVED +CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...) - apache2 2.4.10-1 CVE-2014-0225 [Information disclosure via SSRF] RESERVED @@ -13123,11 +13179,9 @@ - tomcat8 8.0.8-1 - tomcat7 7.0.54-1 - tomcat6 6.0.41-1 -CVE-2014-0118 [mod_deflate denial of service] - RESERVED +CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate ...) - apache2 2.4.10-1 -CVE-2014-0117 [mod_proxy denial of service] - RESERVED +CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...) - apache2 2.4.10-1 [squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9) [wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9) 
@@ -20231,8 +20285,7 @@ {DSA-2837-1} - openssl 1.0.1f-1 [squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e) -CVE-2013-4352 - RESERVED +CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the ...) - apache2 2.4.7-1 (low) NOTE: According to http://httpd.apache.org/security/vulnerabilities_24.html this should only affect NOTE: 2.4.6, but that seems wrong, since 2.4.6 was a single-change regression update @@ -20510,8 +20563,7 @@ NOT-FOR-US: Drupal contributed module Zen CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: Drupal addon -CVE-2013-4273 - RESERVED +CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not ...) NOT-FOR-US: Drupal contributed module Entity API CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...) NOT-FOR-US: Drupal addon @@ -26388,7 +26440,7 @@ - jquery-jplayer 2.1.0-2 NOTE: used for jPlayer 2.2.23 XSS NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3 -CVE-2013-2022 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...) +CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - jquery-jplayer 2.1.0-2 NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373 NOTE: used for jPlayer 2.2.20 XSS @@ -26664,7 +26716,7 @@ CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check ...) - linux <not-affected> (RHEL-specific backport regression) - linux-2.6 <not-affected> (RHEL-specific backport regression) -CVE-2013-1942 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...) +CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - owncloud <not-affected> (Depends on libjs-jquery-jplayer) - jquery-jplayer 2.1.0-2 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/ 
@@ -28391,7 +28443,7 @@ NOT-FOR-US: glFusion CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...) NOT-FOR-US: CubeCart -CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...) +CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf in the ...) {DSA-2772-1} - typo3-src 4.5.29+dfsg1-1 [squeeze] - typo3-src <no-dsa> (Too intrusive to backport) @@ -28596,7 +28648,7 @@ NOT-FOR-US: NetArt Media Car Portal CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...) NOT-FOR-US: ChurchCMS -CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in he Zingiri Web ...) +CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web ...) NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: PHP Volunteer Management not in Debian @@ -37337,6 +37389,7 @@ CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...) NOT-FOR-US: Websense CVE-2008-7313 [Incomplete fix for CVE-2008-4796] + RESERVED - libphp-snoopy <unfixed> NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 @@ -42328,8 +42381,7 @@ NOT-FOR-US: Cumin CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...) NOT-FOR-US: Cumin -CVE-2012-2682 - RESERVED +CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...) NOT-FOR-US: Cumin CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...) NOT-FOR-US: Cumin 
@@ -48435,6 +48487,7 @@ CVE-2003-1598 RESERVED CVE-2002-2444 [snoopy: Security hole in exec cURL] + RESERVED - libphp-snoopy <not-affected> (affected version never was in the repo) NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2 NOTE: http://sourceforge.net/p/snoopy/bugs/13/ _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
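Review bot: In the hunk at @@ -8866,13 +8925,12 @@, CVE-2014-1548 and CVE-2014-1547 now carry the same truncated description, "(Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)", and the bracketed text that used to identify CVE-2014-1547 ("[Miscellaneous memory safety hazards]") is gone. CVE-2014-1548 has no NOTE line in the visible context, unlike the neighbouring Mozilla entries, which each link their advisory. Adding a NOTE with the matching advisory URL to each of the two entries would keep them distinguishable in the list.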
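Review bot: In the hunk at @@ -8888,8 +8946,8 @@, CVE-2014-1544 gains the {DSA-2986-1} cross-reference, but the context line right below it still reads "- iceweasel <unfixed>". CVE-2014-1547 in the preceding hunk carries the same DSA and is recorded as "- iceweasel 31.0-1". Worth confirming whether 31.0-1 also covers CVE-2014-1544 and, if so, recording the fixed version here so the unstable status does not lag behind the advisory.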
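Review bot: In the hunk at @@ -10030,14 +10088,14 @@, CVE-2014-0970, CVE-2014-0968 and CVE-2014-0967 all describe the GDS component of an IBM product and all land as separate "TODO: check" items. The truncated descriptions of CVE-2014-0968 and CVE-2014-0967 are identical, so the list alone cannot tell them apart. Triage the three together and give them one consistent disposition line rather than leaving three open TODOs for the same component.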
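Review bot: In the hunk at @@ -10056,8 +10114,8 @@, CVE-2014-0957 (IBM Business Process ...) is left at "TODO: check" while the entries directly around it, CVE-2014-0958 and CVE-2014-0956, are already triaged as "NOT-FOR-US: IBM WebSphere Portal". If this product is likewise not packaged in Debian, replace the TODO with a matching NOT-FOR-US line naming the product so the entry drops out of the triage queue.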