Author: aw-guest
Date: 2014-01-12 20:56:21 +0000 (Sun, 12 Jan 2014)
New Revision: 25171
Modified:
data/CVE/list
Log:
CVE-2013-4357 unimportant?
CVE-2013-4237 CVE-2013-4332 CVE-2013-4458 CVE-2013-4387 fixed in point update
CVE-2013-6383 fixed in 3.11.8-1
CVE-2013-1741, CVE-2013-5606 bug reported
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-12 15:47:15 UTC (rev 25170)
+++ data/CVE/list 2014-01-12 20:56:21 UTC (rev 25171)
@@ -4375,7 +4375,7 @@
- ceilometer 2013.2-4 (bug #730227)
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c
in the ...)
- linux-2.6 <removed>
- - linux <unfixed>
+ - linux 3.11.8-1
NOTE:
http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the
Linux ...)
- linux-2.6 <removed> (low)
@@ -6232,7 +6232,7 @@
{DSA-2820-1}
- nspr 2:4.10.2-1
CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla ...)
- - nss 2:3.15.3-1
+ - nss 2:3.15.3-1 (bug #735105)
CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 ...)
{DSA-2800-1}
- nss 2:3.15.3-1
@@ -8552,6 +8552,8 @@
CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in ...)
- linux 3.8-1
- linux-2.6 <removed>
+ [wheezy] - linux 3.2.53-1
+ NOTE: fixed in point update
CVE-2013-4591 (Buffer overflow in the __nfs4_get_acl_uncached function in ...)
- linux 3.8-1
[wheezy] - linux <not-affected> (Introduced in 3.6)
@@ -8992,7 +8994,7 @@
- lightdm <not-affected> (Only in combination with guest profile,
apparmor and 1.8.x branch)
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
- eglibc <unfixed> (low; bug #727181)
- [wheezy] - eglibc <no-dsa> (Minor issue)
+ [wheezy] - eglibc 2.13-38+deb7u1
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
@@ -9231,6 +9233,7 @@
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does
not ...)
- linux-2.6 <removed>
- linux 3.11.5-1
+ [wheezy] - linux 3.2.53-2
CVE-2013-4386 (Multiple SQL injection vulnerabilities in ...)
- foreman <itp> (bug #663101)
CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in
the "extras" unit ...)
@@ -9333,6 +9336,7 @@
RESERVED
- eglibc <unfixed>
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
+ NOTE: unimportant?
CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow
pagetables when ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.3+)
@@ -9431,7 +9435,7 @@
NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C
Library ...)
- eglibc 2.17-93 (bug #722536)
- [wheezy] - eglibc <no-dsa> (Will be fixed in point update)
+ [wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4331 [incorrect .Xauthority permissions]
RESERVED
- lightdm 1.6.2-1 (bug #721744)
@@ -9753,7 +9757,7 @@
NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or
libc6) ...)
- eglibc 2.17-94 (bug #719558)
- [wheezy] - eglibc <no-dsa> (Will be fixed in point update)
+ [wheezy] - eglibc 2.13-38+deb7u1
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows
privileged ...)
@@ -16485,7 +16489,7 @@
- bugzilla4 <itp> (bug #669643)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS)
3.15 ...)
- - nss 2:3.15.3-1
+ - nss 2:3.15.3-1 (bug #735105)
NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
CVE-2013-1740
RESERVED
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
