Author: aw-guest
Date: 2013-04-30 22:51:27 +0000 (Tue, 30 Apr 2013)
New Revision: 22108

Modified:
   data/CVE/list
Log:
CVE-2013-0787, CVE-2013-0783, CVE-2013-0782, CVE-2013-0780, CVE-2013-0776,
CVE-2013-0775, CVE-2013-0773 fixed in experimental.
CVE-2013-2635, CVE-2013-0349, CVE-2013-0313, CVE-2013-0310, CVE-2013-0309,
CVE-2013-0268 fixed.
CVE-2013-2634, CVE-2013-1826, CVE-2013-1773 fixed in unstable/testing.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-04-30 21:14:24 UTC (rev 22107)
+++ data/CVE/list       2013-04-30 22:51:27 UTC (rev 22108)
@@ -1417,11 +1417,11 @@
        - linux <not-affected> (Introduced in 3.8)
        - linux-2.6 <not-affected> (Introduced in 3.8)
 CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the 
Linux ...)
-       - linux <unfixed>
+       - linux 3.2.41-2
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
 CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not 
initialize ...)
-       - linux <unfixed>
+       - linux 3.2.41-2
        - linux-2.6 <removed>
 CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of 
a GET ...)
        - piwik <itp> (bug #506933)
@@ -3459,8 +3459,9 @@
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 2.6.32-47
 CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the 
Linux ...)
-       - linux <unfixed> (low)
+       - linux 3.2.41-2 (low)
        - linux-2.6 <removed> (low)
+       NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
 CVE-2013-1825
        REJECTED
 CVE-2013-1824
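Review bot: The CVE-2013-1826 entry records 3.2.41-2 as the fixed version while the added NOTE says the issue was "Probably gone since 3.2.32-1". The fixed-version field should carry the first upload that contains the fix, so as written every upload from 3.2.32-1 up to 3.2.41-1 is reported as vulnerable. Please confirm against the 3.2.32-1 changelog or source and record that version if it holds. If it cannot be confirmed, keep 3.2.41-2 and reword the NOTE to say the earlier version is unverified.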
@@ -3608,8 +3609,9 @@
        - linux 3.2.38-1
        - linux-2.6 <removed>
 CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the 
Linux ...)
-       - linux <unfixed>
+       - linux 3.2.41-2
        - linux-2.6 <removed>
+       NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
 CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 
3.x ...)
        - linux 3.2.39-1
        - linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
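Review bot: The NOTE added under CVE-2013-1773 ("Probably gone since 3.2.15-1, but I checked 3.2.41-2") does not say what was checked, and the "I" has no author once the line sits in data/CVE/list. Suggest stating the evidence instead, for example that the upstream fix is present in the 3.2.41-2 source, and naming the upstream commit or stable release that the 3.2.15-1 guess is based on, so the entry can be verified later.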
@@ -5897,7 +5899,7 @@
        - iceweasel <unfixed>
        NOTE: fixed in experimental 20.0-1
 CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted 
function ...)
-       - iceweasel <unfixed>
+       - iceweasel 19.0.2-1
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x 
and 3.x ...)
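Review bot: The CVE-2013-0787 line sets a fixed version of 19.0.2-1 on the unscoped iceweasel entry, but the commit log describes this CVE as "fixed in experimental", and the entry directly above in the context keeps "- iceweasel <unfixed>" with "NOTE: fixed in experimental 20.0-1". If 19.0.2-1 only exists in experimental, this change marks unstable as fixed when it is not. Either follow the pattern of the preceding entry (leave <unfixed> and add a NOTE with the experimental version) or confirm that 19.0.2-1 was uploaded to unstable.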
@@ -5913,11 +5915,11 @@
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
 CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       - iceweasel <unfixed> (bug #703071)
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0782 (Heap-based buffer overflow in the 
nsSaveAsCharset::DoCharsetConversion ...)
-       - iceweasel <unfixed> (bug #703071)
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint 
...)
@@ -5925,7 +5927,7 @@
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
 CVE-2013-0780 (Use-after-free vulnerability in the ...)
-       - iceweasel <unfixed> (bug #703071)
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox 
before ...)
@@ -5941,11 +5943,11 @@
        - iceweasel <not-affected> (Doesn't affect the ESR series, only 
releases from experimental)
        - icedove <not-affected> (Doesn't affect the ESR series, only releases 
from experimental)
 CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, 
...)
-       - iceweasel <unfixed>
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0775 (Use-after-free vulnerability in the ...)
-       - iceweasel <unfixed> (bug #703071)
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, 
...)
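Review bot: In the CVE-2013-0776 entry the removed line is "- iceweasel <unfixed>" with no bug reference, while the added line is "- iceweasel 19.0-1 (bug #703071)". The bug number appears for the first time here and matches the neighbouring entries, which looks like a copy from the CVE-2013-0775 line. Please confirm that bug #703071 actually covers CVE-2013-0776, and drop the reference if it does not.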
@@ -5953,7 +5955,7 @@
        - iceweasel <not-affected> (Introduced in Firefox 15)
        - icedove <not-affected> (Introduced in Firefox 15)
 CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) 
...)
-       - iceweasel <unfixed> (bug #703071)
+       - iceweasel 19.0-1 (bug #703071)
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 
19.0, ...)
@@ -7284,7 +7286,7 @@
        - pktstat 1.8.5-3 (bug #701211)
        [squeeze] - pktstat <not-affected> (Vulnerable code not present)
 CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the 
Linux ...)
-       - linux <unfixed>
+       - linux 3.2.41-2
        - linux-2.6 <removed>
 CVE-2013-0348 [sthttpd world-redable logdir]
        RESERVED
@@ -7381,7 +7383,7 @@
 CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise 
Portal ...)
        NOT-FOR-US: GateIn Portal
 CVE-2013-0313 (The evm_update_evmxattr function in ...)
-       - linux <unfixed>
+       - linux <not-affected> (Code not enabled in Wheezy)
        - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to 
cause a ...)
        - 389-ds-base 1.3.0.3-1 
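Review bot: The CVE-2013-0313 line marks the unscoped linux entry as <not-affected> with the reason "Code not enabled in Wheezy". An entry without a release tag applies to unstable and everything that follows, while the reason only covers one release's kernel configuration, which can change in a later upload. Suggest scoping the statement, for example "[wheezy] - linux <not-affected> (...)", keeping a separate unscoped line for unstable, and naming the configuration option that is disabled so the claim can be rechecked.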
@@ -7389,11 +7391,12 @@
        - linux 3.2.41-1
        - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the 
Linux ...)
-       - linux <unfixed>
+       - linux <not-affected> (Code not enabled in Wheezy)
        - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 
3.6.2, when ...)
-       - linux <unfixed>
+       - linux 3.2.41-2
        - linux-2.6 <not-affected> (THP not in Squeeze)
+       NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
 CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify 
that the ...)
        - git <not-affected> (OpenSSL support is not enabled in Debian, see bug 
#701586)
        NOTE: http://marc.info/?l=git&m=136134619013145&w=2
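Review bot: The NOTE added under CVE-2013-0309 reads "Probably gone since 3.2.32", without a Debian revision, whereas the other notes in this patch give a full package version (3.2.32-1, 3.2.15-1). It is unclear whether this means upstream stable 3.2.32 or the Debian upload 3.2.32-1. Please give the package version. The CVE-2013-0310 line in the same hunk also uses "Code not enabled in Wheezy" on an unscoped linux entry and would be clearer with a release tag.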
@@ -7459,7 +7462,7 @@
 CVE-2013-0291
        RESERVED
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the 
Linux ...)
-       - linux <unfixed>
+       - linux <not-affected> (Introduced in 3.4, fixed in 3.8)
        - linux-2.6 <not-affected> (Introduced in 3.4)
 CVE-2013-0289 [missing SSL subject verification]
        RESERVED
@@ -7533,8 +7536,8 @@
        - ruby1.9.1 1.9.3.194-7 (bug #700436)
        - ruby1.8 <not-affected> (json ext not present in 1.8)
 CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux 
kernel ...)
-       - linux <unfixed>
-       - linux-2.6 <removed>
+       - linux 3.2.41-2
+       - linux-2.6 2.6.32-48squeeze1
 CVE-2013-0267
        RESERVED
 CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in 
...)
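Review bot: In the CVE-2013-0268 entry the unscoped "- linux-2.6 <removed>" line is replaced by "- linux-2.6 2.6.32-48squeeze1". That version string is a squeeze upload, and the file's own convention, visible in the context of an earlier hunk, keeps both lines: "- linux-2.6 <removed>" followed by "[squeeze] - linux-2.6 2.6.32-47". Suggest restoring the <removed> line and adding "[squeeze] - linux-2.6 2.6.32-48squeeze1", so the removal from unstable is not lost and the squeeze fix is scoped to its release.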


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
